GHSA-29q4-gxjq-rx5c

Source

https://github.com/advisories/GHSA-29q4-gxjq-rx5c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/02/GHSA-29q4-gxjq-rx5c/GHSA-29q4-gxjq-rx5c.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-29q4-gxjq-rx5c

Aliases

CVE-2021-21479

Published

2021-02-10T02:31:53Z

Modified

2024-12-02T05:49:22.896821Z

Summary

Remote Code Execution in SCIMono

Details

Impact

It is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system.

Patches

The issue was fixed on 0.0.19 version

Database specific

{
    "nvd_published_at": "2021-02-09T21:15:00Z",
    "cwe_ids": [
        "CWE-59",
        "CWE-62",
        "CWE-690",
        "CWE-74",
        "CWE-77",
        "CWE-917"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-02-10T01:48:45Z"
}

References

Affected packages

Maven / com.sap.scimono:scimono-server

Package

Name: com.sap.scimono:scimono-server; View open source insights on deps.dev
Purl: pkg:maven/com.sap.scimono/scimono-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.19

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.0.9

0.0.11

0.0.12

0.0.13

0.0.14

0.0.15

0.0.16

0.0.17

0.0.18