CVE-2020-11975

Опубликовано: 05 июн. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Высокий

Описание

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.

Ссылки

http://unomi.apache.org/security/cve-2020-11975.txt
Patch
Vendor Advisory
https://lists.apache.org/thread.html/r01021bc4b25c1e98812efca0b07f0e078a6281bd52f7c3817a429d95%40%3Ccommits.unomi.apache.org%3E
https://lists.apache.org/thread.html/r79672c25e0ef9bb4b9148376281200a8e61c6d5ef5bb705e9a363460%40%3Ccommits.unomi.apache.org%3E
http://unomi.apache.org/security/cve-2020-11975.txt
Patch
Vendor Advisory
https://lists.apache.org/thread.html/r01021bc4b25c1e98812efca0b07f0e078a6281bd52f7c3817a429d95%40%3Ccommits.unomi.apache.org%3E
https://lists.apache.org/thread.html/r79672c25e0ef9bb4b9148376281200a8e61c6d5ef5bb705e9a363460%40%3Ccommits.unomi.apache.org%3E

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:*

Версия до 1.5.1 (исключая)

EPSS

Процентиль: 99%

0.86058

Высокий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-v6fq-q792-j46j