Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-05T10:39:59.576Z

Reserved: 2018-09-19T00:00:00

Link: CVE-2018-17191

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-12-31T14:29:00.240

Modified: 2024-11-21T03:54:03.570

Link: CVE-2018-17191

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.