Lucene search

CVE-2020-9301

🗓️ 11 Dec 2020 03:11:15Reported by netflixType

Nolan Ray of Apple InfoSec found Spinnaker v1.23.4, v1.22.4, and v1.21.5 allows reading/writing arbitrary files via SpEL expressions

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 3
Cvelist	CVE-2020-9301	11 Dec 202002:10	–	cvelist
NVD	CVE-2020-9301	11 Dec 202003:15	–	nvd
Prion	Design/Logic Flaw	11 Dec 202003:15	–	prion

Nvd

Node

linuxfoundation spinnakerRange<1.21.5

linuxfoundation spinnakerRange1.22.0–1.22.4

linuxfoundation spinnakerRange1.23.0–1.23.4

[
  {
    "product": "Netflix Spinnaker",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to version 1.23.4, 1.22.4 or 1.21.5"
      }
    ]
  }
]

Source	Link
github	www.github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-006.md

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 Dec 2020 03:15Current

7.9High risk

Vulners AI Score7.9

CVSS26.5

CVSS38.8

EPSS0.00461

CWE-502