CVE-2020-5245
Description
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature.The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
6.297
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-5245 are fixed in Dropwizard-dropwizard-validation 2.0.2 | Windows |
| Vulnerabilities CVE-2020-5245 are fixed in Dropwizard-dropwizard-validation 1.3.19 | Windows |
| Vulnerabilities CVE-2020-5245 are fixed in Dropwizard-dropwizard-validation for Linux 2.0.2 | Linux |
| Vulnerabilities CVE-2020-5245 are fixed in Dropwizard-dropwizard-validation for Linux 1.3.19 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234