GHSA-2hjr-fg6c-v2h6

Source
https://github.com/advisories/GHSA-2hjr-fg6c-v2h6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-2hjr-fg6c-v2h6/GHSA-2hjr-fg6c-v2h6.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2hjr-fg6c-v2h6
Aliases
Published
2022-02-09T00:33:56Z
Modified
2023-11-08T04:02:11.102808Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Unauthorized access to Class instance in Jinjava
Details

Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow abuse of the application class loader, including arbitrary file disclosure.

Database specific
{
    "nvd_published_at": "2021-02-19T23:15:00Z",
    "github_reviewed_at": "2021-03-29T22:59:44Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Maven / com.hubspot.jinjava:jinjava

Package

Name
com.hubspot.jinjava:jinjava
Purl
pkg:maven/com.hubspot.jinjava/jinjava

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.5.4

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11-java7
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.3.0
2.3.1
2.3.3
2.3.4
2.3.5
2.3.6
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
2.4.10
2.4.11
2.4.12
2.4.13
2.4.14
2.4.15
2.5.0
2.5.1
2.5.2
2.5.3