CVE-2019-1010234

Name of the Vulnerable Software and Affected Versions: ONOS versions 1.15.0 and earlier

Description: The issue is related to improper input validation, allowing an attacker to remotely execute commands by sending a malicious HTTP request to the controller. The vulnerable component is the runJavaCompiler method in YangLiveCompilerManager.java. The attack vector is network connectivity.

Recommendations: For versions 1.15.0 and earlier, consider restricting network access to the controller until a fix is available. As a temporary workaround, consider disabling the runJavaCompiler method in YangLiveCompilerManager.java to prevent remote command execution.