VYPR

Maven package

org.apache.sling/org.apache.sling.api

pkg:maven/org.apache.sling/org.apache.sling.api

Vulnerabilities (3)

  • CVE-2022-32549Jun 22, 2022
    affected <= 2.25.0

    Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.

  • CVE-2015-2944Jun 2, 2015
    affected < 2.2.2fixed 2.2.2

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache

  • CVE-2013-2254Oct 17, 2013
    affected < 2.4.0fixed 2.4.0

    The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that returned when the session does not have permissions to the root node, which allows