Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2ZnEtcTc5Mi1qNDZq

Improper Input Validation in Apache Unomi

Apache Unomi allows conditions to use OGNL scripting, which makes it possible to call static Java classes from the JDK that could execute code with the permission level of the running Java process.

Permalink: https://github.com/advisories/GHSA-v6fq-q792-j46j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2ZnEtcTc5Mi1qNDZq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: over 1 year ago


CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-v6fq-q792-j46j, CVE-2020-11975
References:
Blast Radius: 6.8

Affected Packages

maven:org.apache.unomi:unomi
Dependent packages: 3
Dependent repositories: 5
Downloads:
Affected Version Ranges: < 1.5.4
Fixed in: 1.5.4
All affected versions: 1.5.0, 1.5.1, 1.5.2, 1.5.3
All unaffected versions: 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.6.0, 1.6.1, 1.7.0, 1.7.1, 1.8.0, 1.9.0, 1.9.1, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0