Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2ZnEtcTc5Mi1qNDZq

Improper Input Validation in Apache Unomi

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.

Permalink: https://github.com/advisories/GHSA-v6fq-q792-j46j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2ZnEtcTc5Mi1qNDZq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: over 1 year ago


CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-v6fq-q792-j46j, CVE-2020-11975
References: Blast Radius: 6.8

Affected Packages

maven:org.apache.unomi:unomi
Dependent packages: 3
Dependent repositories: 5
Downloads:
Affected Version Ranges: < 1.5.4
Fixed in: 1.5.4
All affected versions: 1.5.0, 1.5.1, 1.5.2, 1.5.3
All unaffected versions: 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.6.0, 1.6.1, 1.7.0, 1.7.1, 1.8.0, 1.9.0, 1.9.1, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0