Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:43 p.m.7 views

CVE-2020-9296

Netflix Titus uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passe...

9.8CVSS6.8AI score0.02006EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/02/10 11:6 p.m.5 views

com.netflix.conductor:conductor-contribs (>=0.0.4 <=1.12.13), com.netflix.conductor:conductor-es2-persistence (>=1.10.0 <=1.12.13) +5 more potentially affected by CVE-2020-9296 via com.netflix.conductor:conductor-core (>=0.0.4 <=1.9.7)

com.netflix.conductor:conductor-core MAVEN version =0.0.4, =0.0.4, =1.10.0, =1.7.7, =0.0.4, =1.8.2, =0.0.4, =1.6.0, =1.8.0-alpha-1 Source cves: CVE-2020-9296 Source advisory: OSV:GHSA-WFJ5-2MQR-7JVV...

9.8CVSS7.8AI score0.02006EPSS
Exploits0
CVE
CVE
added 2020/06/16 1:19 p.m.84 views

CVE-2020-9296

CVE-2020-9296 affects Netflix Titus and Netflix Conductor through Java Bean Validation (JSR 380) custom constraint validators. The issue arises when building constraint violation messages via ConstraintValidatorContext.buildConstraintViolationWithTemplate(): attacker-controlled data in the templa...

9.8CVSS9.3AI score0.02006EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/06/16 1:19 p.m.28 views

CVE-2020-9296

Netflix Titus uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passe...

9.4AI score0.02006EPSS
Exploits0References1
Rows per page
Query Builder