The advisory explicitly identifies createStateless as the vulnerable component and demonstrates exploitation via LDAP URLs. The method appears to perform JNDI lookups without validating input protocols, consistent with classic JNDI injection patterns. The reproduction example and fix suggestion (filtering protocols) directly implicate this function's input validation as the root cause.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| opensymphony:oscore | maven | <= 2.2.6 | |
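
One way to implement the protocol filtering the analysis above points to, shown as an added Java example that is not code from the advisory or from oscore. The class `SafeJndiLookup`, its methods and the allow-list are hypothetical; the sample names are constructed.

```java
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

public final class SafeJndiLookup {
    // Assumed allow-list: container-local namespaces only.
    private static final String[] ALLOWED_PREFIXES = {
        "java:comp/", "java:module/", "java:app/", "java:global/"
    };

    /** True only for names that cannot select a remote URL context. */
    static boolean isLocalName(String name) {
        if (name == null || name.isEmpty()) {
            return false;
        }
        for (String prefix : ALLOWED_PREFIXES) {
            if (name.startsWith(prefix)) {
                return true;
            }
        }
        // Any other colon could introduce a URL scheme (ldap:, rmi:, iiop:, dns:, ...).
        // Colon-free relative names resolve against the deployment's own provider.
        return name.indexOf(':') < 0;
    }

    /** Validates the name first, so a rejected name never reaches the JNDI provider. */
    static Object lookup(String name) throws NamingException {
        if (!isLocalName(name)) {
            throw new NamingException("refusing non-local JNDI name");
        }
        Context ctx = new InitialContext();
        try {
            return ctx.lookup(name);
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; only the validation step runs here.
        String[] samples = {
            "java:comp/env/ejb/Orders", "ejb/Orders",
            "ldap://directory.example/cn=obj", "LDAP://directory.example/cn=obj",
            "rmi://registry.example/obj", ""
        };
        for (String s : samples) {
            System.out.printf("%-40s %s%n", "\"" + s + "\"",
                    isLocalName(s) ? "allowed" : "rejected");
        }
    }
}
```

The check is an allow-list rather than a deny-list of known schemes, so a scheme the filter author did not anticipate is rejected by default.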