CVE-2020-17521
Description
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovys implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
1.79
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows |
| Vulnerabilities CVE-2020-17521 are fixed in Groovy-groovy 2.4.21 | Windows |
| Vulnerabilities CVE-2020-17521 are fixed in Groovy-groovy 2.5.14 | Windows |
| Vulnerabilities CVE-2020-17521 are fixed in Groovy-groovy 3.0.7 | Windows |
| Vulnerabilities CVE-2020-17521 are fixed in Groovy-groovy-all 2.4.21 | Windows |
| Vulnerabilities CVE-2020-17521 are fixed in Groovy-groovy-all 2.5.14 | Windows |
| Vulnerabilities CVE-2020-17521 are fixed in Groovy-groovy-all 3.0.7 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter - | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.4.0 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.5.4 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.1.1 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.5.3 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.0.0 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.1.0 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.1.2 | Windows |
| Vulnerabilities CVE-2020-17521 are fixed in Groovy-groovy for Linux 2.4.21 | Linux |
| Vulnerabilities CVE-2020-17521 are fixed in Groovy-groovy for Linux 2.5.14 | Linux |
| Vulnerabilities CVE-2020-17521 are fixed in Groovy-groovy for Linux 3.0.7 | Linux |
| Vulnerabilities CVE-2020-17521 are fixed in Groovy-groovy-all for Linux 2.4.21 | Linux |
| Vulnerabilities CVE-2020-17521 are fixed in Groovy-groovy-all for Linux 2.5.14 | Linux |
| Vulnerabilities CVE-2020-17521 are fixed in Groovy-groovy-all for Linux 3.0.7 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234