A newly disclosed vulnerability in Apache Jackrabbit Core and JCR Commons allows JNDI injection, potentially leading to remote code execution. The flaw stems from the handling of untrusted JNDI URIs in `JndiRepositoryFactory`, which enables deserialization of malicious data. Exploitation can result in arbitrary code execution, data exfiltration, or service disruption, impacting enterprise content management and web systems.
Latest mentioned: 09-08
Earliest mentioned: 09-08
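
One way an application can refuse untrusted JNDI URIs before they reach a repository lookup, as an added example that is not Jackrabbit's code or the project's fix. The class name `JndiUriGuard`, the `jndi:<name>` URI form, and the `java:comp/env/jcr/` allowlist prefix are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

public final class JndiUriGuard {
    // Assumption: repositories are bound only in the local container namespace.
    private static final String ALLOWED_PREFIX = "java:comp/env/jcr/";
    // Plain path segments only: no ':' (nested scheme), no '?', no "..".
    private static final Pattern LOCAL_NAME =
            Pattern.compile("[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*");

    /** True only for "jndi:<name>" where <name> is an allowlisted local binding. */
    public static boolean isAllowed(String repositoryUri) {
        if (repositoryUri == null) return false;
        try {
            URI uri = new URI(repositoryUri.trim());
            if (!"jndi".equalsIgnoreCase(uri.getScheme())) return false;
            // Refuse hierarchical forms (authority, query) and fragments outright.
            if (!uri.isOpaque() || uri.getFragment() != null) return false;
            // Decode before checking so %-encoding cannot hide a nested scheme.
            String name = URLDecoder.decode(
                    uri.getRawSchemeSpecificPart(), StandardCharsets.UTF_8);
            return name.startsWith(ALLOWED_PREFIX)
                    && LOCAL_NAME.matcher(name.substring(ALLOWED_PREFIX.length())).matches();
        } catch (URISyntaxException | IllegalArgumentException e) {
            return false; // unparseable input is rejected, never passed on
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the advisory.
        String[] samples = {
            "jndi:java:comp/env/jcr/repository",      // local binding
            "jndi:ldap://directory.example/cn=repo",  // remote directory
            "jndi:rmi://registry.example/repo",       // remote registry
            "jndi:java:comp/env/jcr/../ldap:x",       // traversal / nested scheme
            "jndi://factory.example/repo?env=value",  // hierarchical form
            "not a uri"
        };
        for (String s : samples) {
            System.out.println((isAllowed(s) ? "ALLOW  " : "REJECT ") + s);
        }
    }
}
```

Only the first sample is allowed; every other input is rejected before any lookup would take place.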