MGASA-2013-0292

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2013-0292.html

Import Source

https://advisories.mageia.org/MGASA-2013-0292.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2013-0292

Upstream

CVE-2013-1768

Published

2013-10-05T17:44:58Z

Modified

2026-04-16T06:22:58.435049126Z

Summary

Updated openjpa packages fix CVE-2013-1768

Details

Updated openjpa packages fix security vulnerability:

The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs (CVE-2013-1768).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:2 / openjpa

Package

Name: openjpa
Purl: pkg:rpm/mageia/openjpa?arch=source&distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0-1.1.mga2

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2013-0292.json"

Mageia:3 / openjpa

Package

Name: openjpa
Purl: pkg:rpm/mageia/openjpa?arch=source&distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.0-3.1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2013-0292.json"