Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01NGZ4LWdtNzQtcTY3Ns00HQ
Permissions bypass in SmallRye
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data confidentiality. This is fixed in SmallRye 1.6.2.
Permalink: https://github.com/advisories/GHSA-54fx-gm74-q676
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01NGZ4LWdtNzQtcTY3Ns00HQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: about 1 year ago
CVSS Score: 4.0
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Identifiers: GHSA-54fx-gm74-q676, CVE-2020-1729
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-1729
- https://github.com/smallrye/smallrye-config/commit/fb0def6f61c09a2a80c9145e4ec6521225cd0b99
- https://bugzilla.redhat.com/show_bug.cgi?id=1802444
- https://github.com/advisories/GHSA-54fx-gm74-q676
Blast Radius: 10.0
Affected Packages
maven:io.smallrye.config:smallrye-config
Dependent packages: 199
Dependent repositories: 315
Downloads:
Affected Version Ranges: < 1.6.2
Fixed in: 1.6.2
All affected versions: 1.5.0, 1.5.1, 1.6.0, 1.6.1
All unaffected versions: 1.6.2, 1.7.0, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.8.6, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.10.0, 1.10.1, 1.10.2, 1.11.0, 1.11.1, 1.12.0, 1.13.0, 1.13.1, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.7.0, 2.8.0, 2.8.1, 2.8.2, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.10.0, 2.10.1, 2.11.0, 2.11.1, 2.12.0, 2.12.1, 2.12.2, 2.12.3, 2.13.0, 2.13.1, 2.13.2, 2.13.3, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.8.0, 3.8.1