近日，Apache软件基金会披露了Apache Jackrabbit Core 和 JCR Commons 组件中一个重要的安全漏洞，编号为 CVE-2025-58782 。该漏洞影响了从 1.0.0 到 2.22.1 版本的 Jackrabbit ，当系统使用 JndiRepositoryFactory 时，可能引发 JNDI （Java命名和目录接口）注入风险。这一消息迅速引发了业界对 ...

Apache软件基金会近日披露了Apache Jackrabbit Core和JCR ...

JNDI, the Java Naming and Directory Interface, allows applications to access various naming and directory services via a common interface. The figure below shows the JNDI architecture. Like JDBC (Java ...

eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. There is a pair of new exploit attack vectors in commonly ...

In a blog post, the company said that CVE-2021-42392 should not be as widespread as Log4Shell, even though it is a critical issue with a similar root cause. JFrog explained that the Java Naming and ...