VYPR

Maven package

org.apache.synapse/synapse-core

pkg:maven/org.apache.synapse/synapse-core

Vulnerabilities (1)

  • CVE-2017-15708CriDec 11, 2017
    affected < 3.0.1fixed 3.0.1

    In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted