Lucene search
Veracode Vulnerability DatabaseVERACODE:29452HistoryFeb 22, 2021 - 4:41 a.m.
Arbitrary Code Execution
2021-02-2204:41:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
jinjava
arbitrary code
execution
vulnerability
software
access
classes
application class loader
EPSS
0.001
Percentile
40.8%
jinjava is vulnerable to arbitrary code execution. An attacker is able to gain access to arbitrary classes via objects that are passed to the Jinjava context through the application class loader.
References
github.com/HubSpot/jinjava/compare/jinjava-2.5.3...jinjava-2.5.4
github.com/HubSpot/jinjava/pull/426/commits/5dfa5b87318744a4d020b66d5f7747acc36b213b
github.com/HubSpot/jinjava/pull/435
github.com/HubSpot/jinjava/pull/435/commits/1b9aaa4b420c58b4a301cf4b7d26207f1c8d1165
github.com/HubSpot/jinjava/releases/tag/jinjava-2.5.4
securitylab.github.com/advisories/GHSL-2020-072-hubspot_jinjava
Related
osv
osv
Unauthorized access to Class instance in Jinjava
2022-02-09 00:33:56
CVE-2020-12668
2021-02-19 23:15:12
cvelist
cvelist
CVE-2020-12668
2021-02-19 22:33:55
cve
cve
CVE-2020-12668
2021-02-19 23:15:12
prion
prion
Arbitrary file deletion
2021-02-19 23:15:00
nvd
nvd
CVE-2020-12668
2021-02-19 23:15:12
github
github
Unauthorized access to Class instance in Jinjava
2022-02-09 00:33:56