Command Injection Vulnerability in ONOS 1.15.0 YangWebResource.java

Command Injection Vulnerability in ONOS 1.15.0 YangWebResource.java

CVE-2019-13624 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.

Learn more about our Web App Pen Testing.