📦 Emissary

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Emissary, a P2P-based workflow engine. Attackers can exploit the RegisterPeerAction and AddChildDirectoryAction endpoints to ma...

This vulnerability allows authenticated attackers to execute arbitrary code on Emissary workflow engine servers by exploiting a class loading mechanism in the CreatePlace REST endpoint. Attackers can ...

CVE-2021-32634 is an unsafe deserialization vulnerability in Emissary's WorkSpaceClientEnqueue REST endpoint that allows authenticated attackers to execute arbitrary code on affected systems. This aff...

CVE-2021-32094 allows authenticated users to upload arbitrary files to NSA Emissary workflow application. This could lead to remote code execution or system compromise. Affects organizations using Emi...

CVE-2021-32096 is a Cross-Site Request Forgery (CSRF) vulnerability in NSA Emissary's ConsoleAction component that allows attackers to inject arbitrary Ruby code via the CONSOLE_COMMAND_STRING paramet...