11 matches found
EUVD-2020-0372
Malware in sbrugna...
com.github.jinahya:jsonrpc-bind-tests (=0.7.1), org.amebastack.container:ameba-container-grizzly (>=0.1.6c <=0.1.6e) +185 more potentially affected by CVE-2020-5245 +3 more via org.hibernate.validator:hibernate-validator (>=7.0.0.Alpha1 <=7.0.0.Alpha6)
org.hibernate.validator:hibernate-validator MAVEN version =7.0.0.Alpha1, =0.1.6c, =0.1.2, =0.1.2, =0.1.2, =0.1.6c, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0-RC1 and more Source cves: CVE-2020-5245, CVE-2025-35036, CVE-2025-4427, CVE-2025-4428 Source advisory: OSV:GHSA-7V6M-28JR-RG84...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.dstack:server-base-local (>=0.0.12 <=0.1.15) +12168 more potentially affected by CVE-2020-5245 +3 more via org.hibernate.validator:hibernate-validator (>=6.0.0.Alpha1 <=6.1.7.Final)
org.hibernate.validator:hibernate-validator MAVEN version =6.0.0.Alpha1, =4.4.0.0, =0.0.12, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =j11.2.4.0 and more Source cves: CVE-2020-5245, CVE-2025-35036, CVE-2025-4427...
CVE-2020-5245
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
Remote code execution
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution RCE vulnerability. If you a...
Remote Code Execution (RCE) vulnerability in dropwizard-validation
Summary A server-side template injection was identified in the self-validating @SelfValidating feature of dropwizard-validation enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution RCE vulnerability. If you're using a self-validating bean via @SelfValidatin...
CVE-2020-5245
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
CVE-2020-5245
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
CVE-2020-5245
Technical specifics for CVE-2020-5245 (affected software, root cause, impact, and fix) are provided in the Initial document; there are no additional concrete details about this CVE in the Connected documents.
com.bazaarvoice.curator:dropwizard (>=2.1.0 <=2.1.3), com.bazaarvoice.ostrich.examples.calculator:calculator-client (>=2.1.0 <=2.1.1) +147 more potentially affected by CVE-2020-11002 +1 more via io.dropwizard:dropwizard-validation (>=1.3.0-rc1 <=1.3.18)
io.dropwizard:dropwizard-validation MAVEN version =1.3.0-rc1, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =1.3.17-1, =1.6.0-311, =1.6.0-311, =1.0.0-212, =3.1.2-489, =3.1.0-578, =3.3.0-2 - com.github.mtakaki:dropwizard-hikaricp =1.3.1 and more Source cves: CVE-2020-11002, CVE-2020-5245 Source advisory:...
com.expediagroup.dropwizard:dropwizard-resilience4j-bundle (>=3.0.0 <=3.1.0), com.expediagroup.dropwizard:dropwizard-template-config (=2.0.0) +152 more potentially affected by CVE-2020-11002 +1 more via io.dropwizard:dropwizard-validation (>=2.0.0 <=2.0.19)
io.dropwizard:dropwizard-validation MAVEN version =2.0.0, =3.0.0, =3.0.0, =4.0.0, =2.0.0, =2.3, =2.3, =clienthcnovehicle and more Source cves: CVE-2020-11002, CVE-2020-5245 Source advisory: OSV:GHSA-3MCP-9WR4-CJQF...