Emissary, an open-source P2P workflow engine built by the US National Security Agency, contains vulnerabilities that attackers could leverage to take over Emissary instances. After the discovery of five security vulnerabilities in the Java web application, users have been asked to update their systems.
The vulnerabilities were discovered in Emissary version 5.9.0. A blog post by security researchers from SonarSource demonstrates how a threat actor could conduct a cross-site request forgery attack against a logged-in user and achieve remote code execution by exploiting a code injection vulnerability.
To Read More: Portswigger