CVE-2020-5245

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-5245
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5245.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-5245
Aliases
Related
Published
2020-02-24T18:15:22Z
Modified
2025-01-15T01:46:18.154347Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature.

The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.

References

Affected packages

Git / github.com/dropwizard/dropwizard

Affected ranges

Type
GIT
Repo
https://github.com/dropwizard/dropwizard
Events

Affected versions

v0.*

v0.0.1
v0.0.10
v0.0.10-1
v0.0.11
v0.0.11-1
v0.0.12
v0.0.13
v0.0.2
v0.0.2-fix-publishing
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.2.0
v0.2.1
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.5.1
v0.6.0
v0.6.1
v0.6.2
v0.7.0
v0.7.0-rc1
v0.7.0-rc2
v0.7.0-rc3
v0.8.0
v0.8.0-rc1
v0.8.0-rc2
v0.8.0-rc3
v0.8.0-rc4
v0.8.0-rc5
v0.8.1
v0.8.1-rc1
v0.8.1-rc2
v0.9.0
v0.9.0-rc1
v0.9.0-rc2
v0.9.0-rc3
v0.9.0-rc4
v0.9.0-rc5

v1.*

v1.0.0
v1.0.0-rc1
v1.0.0-rc2
v1.0.0-rc3
v1.0.0-rc4
v1.2.0
v1.2.0-rc1
v1.2.0-rc2
v1.2.0-rc3
v1.2.0-rc4
v1.2.0-rc5
v1.2.0-rc6
v1.3.0
v1.3.0-rc1
v1.3.0-rc2
v1.3.0-rc3
v1.3.0-rc4
v1.3.0-rc5
v1.3.0-rc6
v1.3.0-rc7
v1.3.1
v1.3.10
v1.3.11
v1.3.12
v1.3.13
v1.3.14
v1.3.15
v1.3.16
v1.3.17
v1.3.18
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9

v2.*

v2.0.0
v2.0.0-rc0
v2.0.0-rc1
v2.0.0-rc10
v2.0.0-rc11
v2.0.0-rc12
v2.0.0-rc13
v2.0.0-rc14
v2.0.0-rc2
v2.0.0-rc3
v2.0.0-rc4
v2.0.0-rc5
v2.0.0-rc6
v2.0.0-rc7
v2.0.0-rc8
v2.0.0-rc9
v2.0.1