Vulnerabilities > CVE-2022-23330 - Unspecified vulnerability in Jpress 4.2.0

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

jpress

NVD

Published: 2022-02-04

Updated: 2022-02-09

Summary

A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.

Vulnerable Configurations

Part	Description	Count
Application	Jpress Jpress Jpress 4.2.0	1

References

https://gitee.com/JPressProjects/jpress/issues/I4QZZ8