UBUNTU-CVE-2020-17521

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-17521

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-17521.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-17521

Related

CVE-2020-17521

Published

2020-12-07T20:15:00Z

Modified

2024-10-15T14:07:34Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.

References

Affected packages

Ubuntu:Pro:16.04:LTS / groovy

Package

Name: groovy
Purl: pkg:deb/ubuntu/groovy?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.0~beta2+isreally1.8.6-4ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / groovy2

Package

Name: groovy2
Purl: pkg:deb/ubuntu/groovy2?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.3+dfsg-2ubuntu1

2.4.3+dfsg-3

2.4.5-1

2.4.5-1ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / groovy

Package

Name: groovy
Purl: pkg:deb/ubuntu/groovy?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.8-2

2.4.8-3

2.4.14-1

2.4.15-1ubuntu1

2.4.16-1ubuntu1~18.04.1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / groovy

Package

Name: groovy
Purl: pkg:deb/ubuntu/groovy?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.16-2ubuntu1

2.4.17-4ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / groovy

Package

Name: groovy
Purl: pkg:deb/ubuntu/groovy?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.21-1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.10 / groovy

Package

Name: groovy
Purl: pkg:deb/ubuntu/groovy?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.21-10

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.04:LTS / groovy

Package

Name: groovy
Purl: pkg:deb/ubuntu/groovy?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.21-8

2.4.21-9

2.4.21-10

Ecosystem specific

{
    "ubuntu_priority": "low"
}