CVE-2020-17521

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-17521

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17521.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-17521

Aliases

GHSA-rcjj-h6gh-jf3r

Related

Published

2020-12-07T20:15:12Z

Modified

2024-09-18T01:00:20Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.

References

Affected packages

Debian:11 / groovy

Package

Name: groovy
Purl: pkg:deb/debian/groovy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / groovy

Package

Name: groovy
Purl: pkg:deb/debian/groovy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / groovy

Package

Name: groovy
Purl: pkg:deb/debian/groovy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/groovy

Affected ranges

Type: GIT
Repo: https://github.com/apache/groovy
Events: Introduced

cfea02483ef46c89eae66d4af932a725574edc4d

Last affected

0e6f3ac4a641d1ef387ce9eba96be1ebe917c27f

Last affected

2916064271939400a948c5c3a4085392ee12358f

Introduced

60d50180e756fa75e45d78357f36285fcdf62846

Last affected

6eb8bbbf62120a29cae04d3cdddf0e4e28954760

Introduced

837dc41fe6b8e4c96abaeaa481a52e1d58e9c80f

Last affected

a21733c9e20b208a614f890fffb0dd42ab3650c7