6 matches found
CVE-2020-11002
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution RCE vulnerability. If you a...
at.yawk.dropwizard-nagios:dropwizard-nagios (=1.0), be.fluid-it.microservice.bundle:microservice-bundle-core (>=0.1-1 <=0.1-16) +699 more potentially affected by CVE-2020-11002 via io.dropwizard:dropwizard-validation (>=0.7.0-rc1 <=1.3.20)
io.dropwizard:dropwizard-validation MAVEN version =0.7.0-rc1, =0.1-1, =0.1-1, =0.1-9, =0.1-5, =0.8-1-1, =0.0.105, =0.7.0.3, =1.0, =0.1.0, =0.2.0, =0.7.0 and more Source cves: CVE-2020-11002 Source advisory: OSV:GHSA-8JPX-M2WH-2V34...
com.bendb.dropwizard:dropwizard-jooq (=2.0.2-0), com.bendb.dropwizard:dropwizard-redis (=2.0.2-0) +228 more potentially affected by CVE-2020-11002 via io.dropwizard:dropwizard-validation (>=2.0.0 <=2.0.29)
io.dropwizard:dropwizard-validation MAVEN version =2.0.0, =2.0.0, =3.0.0, =2.0.0, =3.0.0, =4.0.0, =2.0.0, =1.2.0, =1.2.0, =1.2.4 - com.github.vivekkothari:data-river-core =2.0.0 and more Source cves: CVE-2020-11002 Source advisory: OSV:GHSA-8JPX-M2WH-2V34...
CVE-2020-11002
CVE-2020-11002 affects Dropwizard-validation prior to 1.3.21 and 2.0.3, where a server-side template injection in the self-validating feature enables injection of arbitrary Java EL expressions, leading to Remote Code Execution (RCE). Affected: dropwizard-validation versions before 1.3.21 and 2.0....
com.expediagroup.dropwizard:dropwizard-resilience4j-bundle (>=3.0.0 <=3.1.0), com.expediagroup.dropwizard:dropwizard-template-config (=2.0.0) +152 more potentially affected by CVE-2020-11002 +1 more via io.dropwizard:dropwizard-validation (>=2.0.0 <=2.0.19)
io.dropwizard:dropwizard-validation MAVEN version =2.0.0, =3.0.0, =3.0.0, =4.0.0, =2.0.0, =2.3, =2.3, =clienthcnovehicle and more Source cves: CVE-2020-11002, CVE-2020-5245 Source advisory: OSV:GHSA-3MCP-9WR4-CJQF...
com.bazaarvoice.curator:dropwizard (>=2.1.0 <=2.1.3), com.bazaarvoice.ostrich.examples.calculator:calculator-client (>=2.1.0 <=2.1.1) +147 more potentially affected by CVE-2020-11002 +1 more via io.dropwizard:dropwizard-validation (>=1.3.0-rc1 <=1.3.18)
io.dropwizard:dropwizard-validation MAVEN version =1.3.0-rc1, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =1.3.17-1, =1.6.0-311, =1.6.0-311, =1.0.0-212, =3.1.2-489, =3.1.0-578, =3.3.0-2 - com.github.mtakaki:dropwizard-hikaricp =1.3.1 and more Source cves: CVE-2020-11002, CVE-2020-5245 Source advisory:...