Lucene search
PRIOn knowledge basePRION:CVE-2020-5245HistoryFeb 24, 2020 - 6:15 p.m.
Security feature bypass
2020-02-2418:15:00
PRIOn knowledge base
www.prio-n.com
4
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dropwizard_validation | lt | 1.3.19 | |
| dropwizard_validation | ge | 2.0.0 | |
| dropwizard_validation | lt | 2.0.2 | |
| blockchain_platform | lt | 21.1.2 |
References
beanvalidation.org/2.0/spec/
docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/
docs.oracle.com/javaee/7/tutorial/jsf-el.htm
github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634
github.com/dropwizard/dropwizard/pull/3157
github.com/dropwizard/dropwizard/pull/3160
github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf
www.oracle.com/security-alerts/cpuapr2022.html
Related
cvelist
cvelist
vulnrichment
vulnrichment
github
github
Remote Code Execution (RCE) vulnerability in dropwizard-validation
2020-02-24 17:27:27
Remote Code Execution (RCE) vulnerability in dropwizard-validation
2020-04-10 18:42:20
cve
cve
CVE-2020-5245
2020-02-24 18:15:22
CVE-2020-11002
2020-04-10 19:15:13
veracode
veracode
Server-Side Template Injection
2020-02-25 03:27:07
nvd
nvd
CVE-2020-5245
2020-02-24 18:15:22
CVE-2020-11002
2020-04-10 19:15:13
osv
osv
CVE-2020-5245
2020-02-24 18:15:22
Remote Code Execution (RCE) vulnerability in dropwizard-validation
2020-02-24 17:27:27
CVE-2020-11002
2020-04-10 19:15:13
prion
prion
Remote code execution
2020-04-10 19:15:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00