Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-1953

Опубликовано: 13 мар. 2020
Источник: nvd
CVSS3: 10
CVSS2: 7.5
EPSS Низкий

Описание

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:commons_configuration:2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:commons_configuration:2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:commons_configuration:2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:commons_configuration:2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:commons_configuration:2.6:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 86%
0.02732
Низкий

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2020-1953

CVSS3: 10
ubuntu
почти 6 лет назад

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application.

redhat логотип

CVE-2020-1953

CVSS3: 9
redhat
почти 6 лет назад

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application.

debian логотип

CVE-2020-1953

CVSS3: 10
debian
почти 6 лет назад

Apache Commons Configuration uses a third-party library to parse YAML ...

github логотип

GHSA-7qx4-pp76-vrqh

CVSS3: 10
github
больше 5 лет назад

Remote code execution in Apache Commons Configuration

fstec логотип

BDU:2020-05036

CVSS3: 10
fstec
почти 6 лет назад

Уязвимость библиотеки библиотеки Apache Commons Configuration, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 86%
0.02732
Низкий

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo