CVE-2020-6754
- Source
- https://cve.org/CVERecord?id=CVE-2020-6754
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-6754.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-6754
- Published
- 2020-02-05T17:15:10.537Z
- Modified
- 2026-04-11T13:53:22.159989Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCATHOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmpupload, which can lead to remote command execution (with the permissions of the user running the dotCMS application).
- References
Affected packages
Git / github.com/dotcms/core
Affected versions
3.*
3.0
3.5
3.5_Preview01
3.5_Preview02
3.6.0
5.*
5.2.0
5.2.1
pre3.*
pre3.5buildrevert
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-6754.json"
vanir_signatures_modified
"2026-04-11T13:53:22Z"
vanir_signatures
[
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/dotcms/core/commit/155eca8cfe7e67fa92cf5d0a132245b689702c2e",
"digest": {
"threshold": 0.9,
"line_hashes": [
"212782313452063913193578797663456291622",
"92600049029349482001306405533256245985",
"135756894813603437535814674671407583068",
"101189251698574058280810611240740138777",
"297164111336928037556873467862149061788",
"241429662320713779636975703922712469110",
"278149354703171285244562976940295763006",
"226298034287598230884748682406665662303",
"205274804033709825768539149495175164460",
"258242024970674548201987921529157739894",
"65387989931371672711519902159247668504",
"129179317608015344954522656709245534184"
]
},
"id": "CVE-2020-6754-4190466c",
"deprecated": false,
"target": {
"file": "dotCMS/src/main/java/com/dotmarketing/portlets/contentlet/business/HostAPIImpl.java"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/dotcms/core/commit/155eca8cfe7e67fa92cf5d0a132245b689702c2e",
"digest": {
"function_hash": "80287980246394692374369540247165709685",
"length": 527.0
},
"id": "CVE-2020-6754-46c9205b",
"deprecated": false,
"target": {
"file": "dotCMS/src/main/java/com/dotmarketing/portlets/contentlet/business/HostAPIImpl.java",
"function": "resolveHostName"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/dotcms/core/commit/155eca8cfe7e67fa92cf5d0a132245b689702c2e",
"digest": {
"threshold": 0.9,
"line_hashes": [
"87511054661411499830282760739711177365",
"70377559537387601527370175728731477612",
"15706718899924507892123850202955075348",
"194668899062072866889254087771497566583",
"118193031551879604056336466241489469969",
"63842192234830643330814048624695000949",
"136309341826815609001954834767981236966"
]
},
"id": "CVE-2020-6754-72c7ba5c",
"deprecated": false,
"target": {
"file": "dotCMS/src/integration-test/java/com/dotmarketing/portlets/contentlet/business/HostAPITest.java"
}
}
]