org.apache.sling:org.apache.sling.api

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.apache.sling:org.apache.sling.apipage 1 of 1

CVE-2013-2254NONECVSS 0.0EG 0.0✓ Fixed in 2.4.0
2013-10-17
vulnerable: 2.0.2-incubator ... 2.3.0 (9 versions)
The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that returned when the session does not have pe…
CVE-2015-2944NONECVSS 0.0EG 0.0✓ Fixed in 2.2.2
2015-06-02
vulnerable: 2.0.2-incubator ... 2.2.0 (6 versions)
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api…
CVE-2022-32549MEDIUMCVSS 5.3EG 5.3
2022-06-22
vulnerable: 2.0.2-incubator ... 2.9.0 (35 versions)
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.

Check whether org.apache.sling:org.apache.sling.api is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.sling:org.apache.sling.api CVEs against the assets you own.

Start Free Scan →