Veracode Vulnerability DatabaseVERACODE:25028Server-Side Template Injection
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
dropwizard-validation is vulnerable to Server-Side Template Injection. The vulnerability exists as ViolationCollector does not sanitize Java Expression Language (EL) expressions and accepts malicious Java EL expressions to be passed into the server-side template in the self-validating feature, allowing an attacker to execute arbitrary code on the server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dropwizard validation support | le | 1.3.20 | |
| dropwizard validation support | le | 2.0.2 |
References
docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext
github.com/dropwizard/dropwizard/commit/74e211514db951a67b0e9ff75b0102704d4b2049
github.com/dropwizard/dropwizard/commit/d5a512f7abf965275f2a6b913ac4fe778e424242
github.com/dropwizard/dropwizard/pull/3208
github.com/dropwizard/dropwizard/pull/3209
github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf
github.com/dropwizard/dropwizard/security/advisories/GHSA-8jpx-m2wh-2v34
github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C