Vulnerability Details : CVE-2020-5245
Dropwizard-Validation before 1.3.19 and 2.x before 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language (EL) expressions when the self-validating feature is used.
The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.
Products affected by CVE-2020-5245
- cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
- cpe:2.3:a:dropwizard:dropwizard_validation:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-5245
- EPSS score: 0.87% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~82% (the proportion of vulnerabilities that are scored at or below this one)
CVSS scores for CVE-2020-5245
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST |
7.9 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L | 1.3 | 6.0 | GitHub, Inc. |
CWE ids for CVE-2020-5245
- The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
  Assigned by:
  - nvd@nist.gov (Primary)
  - security-advisories@github.com (Secondary)
References for CVE-2020-5245
- https://www.oracle.com/security-alerts/cpuapr2022.html
  Oracle Critical Patch Update Advisory - April 2022 (Patch; Third Party Advisory)
- https://github.com/dropwizard/dropwizard/pull/3157
  Escape EL expressions in ViolationCollector by joschi · Pull Request #3157 · dropwizard/dropwizard · GitHub (Patch; Third Party Advisory)
- https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm
  9 Expression Language (Release 7) (Third Party Advisory)
- https://github.com/dropwizard/dropwizard/pull/3160
  Escape EL expressions in ViolationCollector by joschi · Pull Request #3160 · dropwizard/dropwizard · GitHub (Patch; Third Party Advisory)
- https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf
  Remote Code Execution (RCE) vulnerability in dropwizard-validation <2.0.2 · Advisory · dropwizard/dropwizard · GitHub (Exploit; Third Party Advisory)
- https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation
  Jakarta Bean Validation specification (Third Party Advisory)
- https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236
  Escape EL expressions in ViolationCollector (#3160) · dropwizard/dropwizard@28479f7 · GitHub
- https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions
  Hibernate Validator 6.1.2.Final - Jakarta Bean Validation Reference Implementation: Reference Guide (Third Party Advisory)
- https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634
  Escape EL expressions in ViolationCollector (#3157) · dropwizard/dropwizard@d87d1e4 · GitHub (Patch; Third Party Advisory)