We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath.
Upgrade Hermes to at least hermes-2.2.9
https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/
Impact
hermes-management is vulnerable to RCE when it processes user-controlled
data due to using Apache commons-jxpath.
Patches
Upgrade Hermes to at least hermes-2.2.9
References
https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/