Lucene search
GoogleOSV:CVE-2020-12668HistoryFeb 19, 2021 - 11:15 p.m.
CVE-2020-12668
2021-02-1923:15:12
Google
osv.dev
5
jinjava
arbitrary classes
application class loader
file disclosure
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.
References
github.com/HubSpot/jinjava/compare/jinjava-2.5.3...jinjava-2.5.4
github.com/HubSpot/jinjava/pull/426/commits/5dfa5b87318744a4d020b66d5f7747acc36b213b
github.com/HubSpot/jinjava/pull/435/commits/1b9aaa4b420c58b4a301cf4b7d26207f1c8d1165
github.com/HubSpot/jinjava/releases/tag/jinjava-2.5.4
securitylab.github.com/advisories/GHSL-2020-072-hubspot_jinjava
Related
osv
osv
Unauthorized access to Class instance in Jinjava
2022-02-09 00:33:56
cvelist
cvelist
CVE-2020-12668
2021-02-19 22:33:55
cve
cve
CVE-2020-12668
2021-02-19 23:15:12
veracode
veracode
Arbitrary Code Execution
2021-02-22 04:41:05
prion
prion
Arbitrary file deletion
2021-02-19 23:15:00
nvd
nvd
CVE-2020-12668
2021-02-19 23:15:12
github
github
Unauthorized access to Class instance in Jinjava
2022-02-09 00:33:56