22 matches found
CVE-2020-5245
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
CVE-2020-11002
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to a Remote Code Execution (RCE) vulnerability. If you a...
Server-Side Template Injection
dropwizard-validation is vulnerable to Server-Side Template Injection. The vulnerability exists as ViolationCollector does not sanitize Java Expression Language (EL) expressions and accepts malicious Java EL expressions to be passed into the server-side template in the self-validating feature,...
dropwizard-validation injection vulnerability (CNVD-2020-22964)
dropwizard-validation is a library that supports building RESTful web services that can be used in production environments. An injection vulnerability exists in dropwizard-validation versions prior to 2.0.3 and prior to 1.3.21. An attacker can exploit this vulnerability to inject arbitrary Java E...
at.yawk.dropwizard-nagios:dropwizard-nagios (=1.0), be.fluid-it.microservice.bundle:microservice-bundle-core (>=0.1-1 <=0.1-16) +699 more potentially affected by CVE-2020-11002 via io.dropwizard:dropwizard-validation (>=0.7.0-rc1 <=1.3.20)
io.dropwizard:dropwizard-validation MAVEN version =0.7.0-rc1, =0.1-1, =0.1-1, =0.1-9, =0.1-5, =0.8-1-1, =0.0.105, =0.7.0.3, =1.0, =0.1.0, =0.2.0, =0.7.0 and more Source cves: CVE-2020-11002 Source advisory: OSV:GHSA-8JPX-M2WH-2V34...
Remote Code Execution (RCE) vulnerability in dropwizard-validation
Summary A server-side template injection was identified in the self-validating @SelfValidating feature of dropwizard-validation enabling attackers to inject arbitrary Java EL expressions, leading to a Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean via @SelfValidatin...
GHSA-8JPX-M2WH-2V34 Remote Code Execution (RCE) vulnerability in dropwizard-validation
Summary A server-side template injection was identified in the self-validating @SelfValidating feature of dropwizard-validation enabling attackers to inject arbitrary Java EL expressions, leading to a Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean via @SelfValidatin...
com.bendb.dropwizard:dropwizard-jooq (=2.0.2-0), com.bendb.dropwizard:dropwizard-redis (=2.0.2-0) +227 more potentially affected by CVE-2020-11002 via io.dropwizard:dropwizard-validation (>=2.0.0 <=2.0.29)
io.dropwizard:dropwizard-validation MAVEN version =2.0.0, =2.0.0, =3.0.0, =3.0.0, =4.0.0, =2.0.0, =1.2.0, =1.2.0, =1.2.4 - com.github.vivekkothari:data-river-core =2.0.0 and more Source cves: CVE-2020-11002 Source advisory: OSV:GHSA-8JPX-M2WH-2V34...
CVE-2020-11002
CVE-2020-11002 affects Dropwizard-validation prior to 1.3.21 and 2.0.3, where a server-side template injection in the self-validating feature enables injection of arbitrary Java EL expressions, leading to Remote Code Execution (RCE). Affected: dropwizard-validation versions before 1.3.21 and 2.0....
CVE-2020-11002 Remote Code Execution (RCE) vulnerability in dropwizard-validation
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to a Remote Code Execution (RCE) vulnerability. If you a...
Server-Side Template Injection
dropwizard-validation is vulnerable to server-side template injection. The vulnerability exists as ViolationCollector does not sanitize Java Expression Language (EL) expressions and accepts malicious Java EL expressions to be passed into the server-side template in the self-validating feature,...
Security feature bypass
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
CVE-2020-5245 Remote Code Execution (RCE) vulnerability in dropwizard-validation
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
com.bazaarvoice.curator:dropwizard (>=2.1.0 <=2.1.3), com.bazaarvoice.ostrich.examples.calculator:calculator-client (>=2.1.0 <=2.1.1) +147 more potentially affected by CVE-2020-11002 +1 more via io.dropwizard:dropwizard-validation (>=1.3.0-rc1 <=1.3.18)
io.dropwizard:dropwizard-validation MAVEN version =1.3.0-rc1, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =1.3.17-1, =1.6.0-311, =1.6.0-311, =1.0.0-212, =3.1.2-489, =3.1.0-578, =3.3.0-2 - com.github.mtakaki:dropwizard-hikaricp =1.3.1 and more Source cves: CVE-2020-11002, CVE-2020-5245 Source advisory:...
GHSA-3MCP-9WR4-CJQF Remote Code Execution (RCE) vulnerability in dropwizard-validation
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. Summary A server-side template injection...
Remote Code Execution (RCE) vulnerability in dropwizard-validation
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. Summary A server-side template injection...