CVE-2020-12668

2021-02-1923:15:12

Google

osv.dev

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.8%

JSON

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.

CPENameOperatorVersion
jinjavaeqjinjava-1.0.0
jinjavaeqjinjava-2.0.2
jinjavaeqjinjava-2.0.3
jinjavaeqjinjava-2.0.5
jinjavaeqjinjava-2.5.3
jinjavaeqjinjava-1.0.2
jinjavaeqjinjava-2.0.4
jinjavaeqjinjava-2.0.1
jinjavaeqjinjava-1.0.7
jinjavaeqjinjava-1.0.4

Name	Operator	Version
jinjava	eq	jinjava-1.0.0
jinjava	eq	jinjava-2.0.2
jinjava	eq	jinjava-2.0.3
jinjava	eq	jinjava-2.0.5
jinjava	eq	jinjava-2.5.3
jinjava	eq	jinjava-1.0.2
jinjava	eq	jinjava-2.0.4
jinjava	eq	jinjava-2.0.1
jinjava	eq	jinjava-1.0.7
jinjava	eq	jinjava-1.0.4