Carsten Ziegeler

**Name of the Vulnerable Software and Affected Versions** Apache Sling Servlets Resolver versions prior to 2.11.0 **Description** The issue is related to incorrect restriction of the directory path name in the Apache Sling Servlets Resolver, which can be exploited by a remote attacker to execute arbitrary code. This can be achieved through path traversal, potentially allowing a user with write access to the repository to trick the Sling Servlet Resolver into loading a previously uploaded script. The exact configuration of the system determines its vulnerability to this attack. **Recommendations** For Apache Sling Servlets Resolver versions prior to 2.11.0, upgrade to version 2.11.0 to fix the issue. It is recommended to upgrade regardless of the current system configuration to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Sling Auth Core bundle versions prior to 1.1.4 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the `resource` parameter. This is related to a custom login form and potential XSS. **Recommendations** For versions prior to 1.1.4, update to version 1.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the AbstractAuthenticationFormServlet to minimize the risk of exploitation. Avoid using the `resource` parameter in the affected servlet until the issue is resolved.