{"vulnerability": "CVE-2022-45064", "sightings": [{"uuid": "7e1a6ebe-d07a-4ff4-8e18-ec1695766c45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45064", "type": "seen", "source": "https://t.me/cibsecurity/62054", "content": "\u203c CVE-2022-45064 \u203c\n\nThe SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power. Please update to Apache Sling Engine >= 2.14.0 and enable the \"Check Content-Type overrides\" configuration option.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-13T14:23:45.000000Z"}]}