4 matches found
CVE-2020-9296
Netflix Titus uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passe...
com.netflix.conductor:conductor-contribs (>=0.0.4 <=1.12.13), com.netflix.conductor:conductor-es2-persistence (>=1.10.0 <=1.12.13) +5 more potentially affected by CVE-2020-9296 via com.netflix.conductor:conductor-core (>=0.0.4 <=1.9.7)
com.netflix.conductor:conductor-core MAVEN version =0.0.4, =0.0.4, =1.10.0, =1.7.7, =0.0.4, =1.8.2, =0.0.4, =1.6.0, =1.8.0-alpha-1 Source cves: CVE-2020-9296 Source advisory: OSV:GHSA-WFJ5-2MQR-7JVV...
CVE-2020-9296
CVE-2020-9296 affects Netflix Titus and Netflix Conductor through Java Bean Validation (JSR 380) custom constraint validators. The issue arises when building constraint violation messages via ConstraintValidatorContext.buildConstraintViolationWithTemplate(): attacker-controlled data in the templa...
CVE-2020-9296
Netflix Titus uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passe...