2 matches found
CVE-2020-9297
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...
CVE-2020-9297
CVE-2020-9297 affects Netflix Titus prior to v0.1.1-rc.274. The issue arises when building custom constraint violation messages with ConstraintValidatorContext.buildConstraintViolationWithTemplate(); an attacker could inject arbitrary data into the error message template, enabling execution of ar...