cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-25141,https://securityvulnerability.io/vulnerability/CVE-2023-25141,JNDI injection into Apache sling-org-apache-sling-jcr-base,"Apache Sling JCR Base versions prior to 3.1.12 are susceptible to an injection vulnerability when utilized with outdated Java Development Kit (JDK) versions, specifically JDK 1.8.191 or earlier. This vulnerability exists within utility functions in the RepositoryAccessor, namely getRepository and getRepositoryFromURL, which permit unauthorized access to remote data over JDNI and RMI protocols. It is essential for users to either update to Apache Sling JCR Base version 3.1.12 or above or transition to a more current version of JDK to mitigate the risks associated with this vulnerability.",Apache,Apache Sling JCR Base,7.5,HIGH,0.000859999970998615,false,,false,false,false,,,false,false,,2023-02-14T13:15:00.000Z,0