CVE-2020-1729
Description
A flaw was found in SmallRyes API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data confidentiality. This is fixed in SmallRye 1.6.2
Risk Information
Base Score
4.4
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.038
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-1729 are fixed in SmallRye-config 1.6.2 | Windows |
| Vulnerabilities CVE-2020-1729 are fixed in SmallRye-config for Linux 1.6.2 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234