Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDNI and RMI.
Users of Apache Sling JCR Base are recommended to upgrade to Apache Sling JCR Base 3.1.12 or later, or to run on a more recent JDK.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://sling.apache.org/news.html |
![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: apache
Published: 2023-02-14T12:12:21.224Z
Updated: 2024-08-02T11:18:35.247Z
Reserved: 2023-02-03T12:48:07.674Z
Link: CVE-2023-25141

No data.

Status : Modified
Published: 2023-02-14T13:15:12.903
Modified: 2024-11-21T07:49:11.340
Link: CVE-2023-25141

No data.