cvelistv5 - cve-2020-5245

CVE-2020-5245 (GCVE-0-2020-5245)

Vulnerability from cvelistv5

Published

2020-02-24 17:35

Modified

2024-08-04 08:22

Severity ?

7.9 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

CWE

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Summary

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.

References

►

URL

Tags

security-advisories@github.com	https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation	Third Party Advisory
security-advisories@github.com	https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions	Third Party Advisory
security-advisories@github.com	https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm	Third Party Advisory
security-advisories@github.com	https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236
security-advisories@github.com	https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/dropwizard/dropwizard/pull/3157	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/dropwizard/dropwizard/pull/3160	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dropwizard/dropwizard/pull/3157	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dropwizard/dropwizard/pull/3160	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	dropwizard	dropwizard-validation	Version: >= 1.3.0, < 1.3.19 Version: >= 2.0.0, < 2.0.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-5245",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-06T14:57:55.801469Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T14:58:08.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:09.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf"
          },
          {
            "name": "https://github.com/dropwizard/dropwizard/pull/3157",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dropwizard/dropwizard/pull/3157"
          },
          {
            "name": "https://github.com/dropwizard/dropwizard/pull/3160",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dropwizard/dropwizard/pull/3160"
          },
          {
            "name": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236"
          },
          {
            "name": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634"
          },
          {
            "name": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation"
          },
          {
            "name": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions"
          },
          {
            "name": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dropwizard-validation",
          "vendor": "dropwizard",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.3.0, \u003c 1.3.19"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature.\n\nThe issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-05T16:42:31.207Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf"
        },
        {
          "name": "https://github.com/dropwizard/dropwizard/pull/3157",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dropwizard/dropwizard/pull/3157"
        },
        {
          "name": "https://github.com/dropwizard/dropwizard/pull/3160",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dropwizard/dropwizard/pull/3160"
        },
        {
          "name": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236"
        },
        {
          "name": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634"
        },
        {
          "name": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation"
        },
        {
          "name": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions"
        },
        {
          "name": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm"
        }
      ],
      "source": {
        "advisory": "GHSA-3mcp-9wr4-cjqf",
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution (RCE) vulnerability in dropwizard-validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-5245",
    "datePublished": "2020-02-24T17:35:20",
    "dateReserved": "2020-01-02T00:00:00",
    "dateUpdated": "2024-08-04T08:22:09.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5245\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-02-24T18:15:22.477\",\"lastModified\":\"2024-11-21T05:33:45.297\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature.\\n\\nThe issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.\"},{\"lang\":\"es\",\"value\":\"Dropwizard-Validation versiones anteriores a 1.3.19 y 2.0.2, puede permitir una ejecuci\u00f3n de c\u00f3digo arbitraria en el host system, con los privilegios de la cuenta de servicio de Dropwizard, mediante la inyecci\u00f3n de expresiones arbitrarias de Java Expression Language cuando se utiliza la funcionalidad self-validating. El problema se ha corregido en dropwizard-validation versiones 1.3.19 y 2.0.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L\",\"baseScore\":7.9,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.3,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dropwizard:dropwizard_validation:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.3.19\",\"matchCriteriaId\":\"6093F68F-E2FF-4A25-A709-79F315833DEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dropwizard:dropwizard_validation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.0.2\",\"matchCriteriaId\":\"4522F31B-974E-4957-8A49-6B396C810720\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.1.2\",\"matchCriteriaId\":\"D0DBC938-A782-433F-8BF1-CA250C332AA7\"}]}]}],\"references\":[{\"url\":\"https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dropwizard/dropwizard/pull/3157\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dropwizard/dropwizard/pull/3160\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dropwizard/dropwizard/pull/3157\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dropwizard/dropwizard/pull/3160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf\", \"name\": \"https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/dropwizard/dropwizard/pull/3157\", \"name\": \"https://github.com/dropwizard/dropwizard/pull/3157\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/dropwizard/dropwizard/pull/3160\", \"name\": \"https://github.com/dropwizard/dropwizard/pull/3160\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236\", \"name\": \"https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634\", \"name\": \"https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation\", \"name\": \"https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions\", \"name\": \"https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm\", \"name\": \"https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T08:22:09.091Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-5245\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-06T14:57:55.801469Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-06T14:58:03.428Z\"}}], \"cna\": {\"title\": \"Remote Code Execution (RCE) vulnerability in dropwizard-validation\", \"source\": {\"advisory\": \"GHSA-3mcp-9wr4-cjqf\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"dropwizard\", \"product\": \"dropwizard-validation\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.3.0, \u003c 1.3.19\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.0.0, \u003c 2.0.2\"}]}], \"references\": [{\"url\": \"https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf\", \"name\": \"https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/dropwizard/dropwizard/pull/3157\", \"name\": \"https://github.com/dropwizard/dropwizard/pull/3157\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/dropwizard/dropwizard/pull/3160\", \"name\": \"https://github.com/dropwizard/dropwizard/pull/3160\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236\", \"name\": \"https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634\", \"name\": \"https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation\", \"name\": \"https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions\", \"name\": \"https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm\", \"name\": \"https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature.\\n\\nThe issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-74\", \"description\": \"CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-06-05T16:42:31.207Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-5245\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-04T08:22:09.091Z\", \"dateReserved\": \"2020-01-02T00:00:00\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2020-02-24T17:35:20\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2020-5245

Vulnerability from fkie_nvd

Published

2020-02-24 18:15

Modified

2024-11-21 05:33

Severity ?

7.9 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation	Third Party Advisory
security-advisories@github.com	https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions	Third Party Advisory
security-advisories@github.com	https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm	Third Party Advisory
security-advisories@github.com	https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236
security-advisories@github.com	https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/dropwizard/dropwizard/pull/3157	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/dropwizard/dropwizard/pull/3160	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dropwizard/dropwizard/pull/3157	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dropwizard/dropwizard/pull/3160	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
dropwizard	dropwizard_validation	*
dropwizard	dropwizard_validation	*
oracle	blockchain_platform	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dropwizard:dropwizard_validation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6093F68F-E2FF-4A25-A709-79F315833DEF",
              "versionEndExcluding": "1.3.19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dropwizard:dropwizard_validation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4522F31B-974E-4957-8A49-6B396C810720",
              "versionEndExcluding": "2.0.2",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7",
              "versionEndExcluding": "21.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature.\n\nThe issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2."
    },
    {
      "lang": "es",
      "value": "Dropwizard-Validation versiones anteriores a 1.3.19 y 2.0.2, puede permitir una ejecuci\u00f3n de c\u00f3digo arbitraria en el host system, con los privilegios de la cuenta de servicio de Dropwizard, mediante la inyecci\u00f3n de expresiones arbitrarias de Java Expression Language cuando se utiliza la funcionalidad self-validating. El problema se ha corregido en dropwizard-validation versiones 1.3.19 y 2.0.2."
    }
  ],
  "id": "CVE-2020-5245",
  "lastModified": "2024-11-21T05:33:45.297",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.9,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-24T18:15:22.477",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dropwizard/dropwizard/pull/3157"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dropwizard/dropwizard/pull/3160"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dropwizard/dropwizard/pull/3157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dropwizard/dropwizard/pull/3160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-3mcp-9wr4-cjqf

Vulnerability from github

Published

2020-02-24 17:27

Modified

2025-07-03 19:49

Severity ?

7.9 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

Summary

Remote Code Execution (RCE) vulnerability in dropwizard-validation

Details

Summary

A server-side template injection was identified in the self-validating (@SelfValidating) feature of dropwizard-validation enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability.

If you're using a self-validating bean (via @SelfValidating), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended.

Impact

This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary Java Expression Language (EL) expressions when using the self-validating feature (@SelfValidating, @SelfValidation) in dropwizard-validation.

Patches

The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2. We strongly recommend upgrading to one of these versions.

Workarounds

If you are not able to upgrade to one of the aforementioned versions of dropwizard-validation but still want to use the @SelfValidating feature, make sure to properly sanitize any message you're adding to the ViolationCollector in the method annotated with @SelfValidation.

Example: java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains("_")) { // Sanitize fullName variable by escaping relevant characters such as "$" col.addViolation("Full name contains invalid characters: " + sanitizeJavaEl(fullName)); } }

See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98

References

https://github.com/dropwizard/dropwizard/pull/3157
https://github.com/dropwizard/dropwizard/pull/3160
https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm
https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions
https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation

For more information

If you have any questions or comments about this advisory: * Open an issue in dropwizard/dropwizard * Start a discussion on the dropwizard-dev mailing list

Security contact

If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our security policy:

https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.dropwizard:dropwizard-validation"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.0-rc1"
            },
            {
              "fixed": "1.3.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.dropwizard:dropwizard-validation"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5245"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-02-24T17:27:14Z",
    "nvd_published_at": "2020-02-24T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature.\n\n### Summary\n\nA server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability.\n\nIf you\u0027re using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended.\n\n### Impact\n\nThis issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**.\n\n### Patches\n\nThe issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions.\n\n### Workarounds\n\nIf you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you\u0027re adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html).\n\nExample:\n```java\n@SelfValidation\npublic void validateFullName(ViolationCollector col) {\n    if (fullName.contains(\"_\")) {\n        // Sanitize fullName variable by escaping relevant characters such as \"$\"\n        col.addViolation(\"Full name contains invalid characters:  \" + sanitizeJavaEl(fullName));\n    }\n}\n```\n\nSee also:\nhttps://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98\n\n### References\n\n* https://github.com/dropwizard/dropwizard/pull/3157\n* https://github.com/dropwizard/dropwizard/pull/3160\n* https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm\n* https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions\n* https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new)\n* Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev)\n\n### Security contact\n\nIf you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy):\n\nhttps://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability",
  "id": "GHSA-3mcp-9wr4-cjqf",
  "modified": "2025-07-03T19:49:40Z",
  "published": "2020-02-24T17:27:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5245"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dropwizard/dropwizard/pull/3157"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dropwizard/dropwizard/pull/3160"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634"
    },
    {
      "type": "WEB",
      "url": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation"
    },
    {
      "type": "WEB",
      "url": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions"
    },
    {
      "type": "WEB",
      "url": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dropwizard/dropwizard"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Remote Code Execution (RCE) vulnerability in dropwizard-validation"
}

gsd-2020-5245

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2020-5245

Aliases

CVE-2020-5245

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5245",
    "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.",
    "id": "GSD-2020-5245"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5245"
      ],
      "details": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.",
      "id": "GSD-2020-5245",
      "modified": "2023-12-13T01:22:03.879756Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-5245",
        "STATE": "PUBLIC",
        "TITLE": "Remote Code Execution (RCE) vulnerability in dropwizard-validation"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "dropwizard-validation",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.3.19"
                        },
                        {
                          "version_value": "\u003e= 2.0.0, \u003c 2.0.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "dropwizard"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.9,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "name": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf",
            "refsource": "CONFIRM",
            "url": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf"
          },
          {
            "name": "https://github.com/dropwizard/dropwizard/pull/3157",
            "refsource": "MISC",
            "url": "https://github.com/dropwizard/dropwizard/pull/3157"
          },
          {
            "name": "https://github.com/dropwizard/dropwizard/pull/3160",
            "refsource": "MISC",
            "url": "https://github.com/dropwizard/dropwizard/pull/3160"
          },
          {
            "name": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634",
            "refsource": "MISC",
            "url": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634"
          },
          {
            "name": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation",
            "refsource": "MISC",
            "url": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation"
          },
          {
            "name": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions",
            "refsource": "MISC",
            "url": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions"
          },
          {
            "name": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm",
            "refsource": "MISC",
            "url": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-3mcp-9wr4-cjqf",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.3.19),[2.0.0,2.0.2)",
          "affected_versions": "All versions before 1.3.19, all versions starting from 2.0.0 before 2.0.2",
          "cvss_v2": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-74",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2021-05-21",
          "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.",
          "fixed_versions": [
            "1.3.19",
            "2.0.2"
          ],
          "identifier": "CVE-2020-5245",
          "identifiers": [
            "GHSA-3mcp-9wr4-cjqf",
            "CVE-2020-5245"
          ],
          "not_impacted": "All versions starting from 1.3.19 before 2.0.0, all versions starting from 2.0.2",
          "package_slug": "maven/io.dropwizard/dropwizard-validation",
          "pubdate": "2020-02-24",
          "solution": "Upgrade to versions 1.3.19, 2.0.2 or above.",
          "title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
          "urls": [
            "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf",
            "https://github.com/dropwizard/dropwizard/pull/3157",
            "https://github.com/dropwizard/dropwizard/pull/3160",
            "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634",
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5245",
            "https://github.com/advisories/GHSA-3mcp-9wr4-cjqf"
          ],
          "uuid": "cadf8e58-014c-4226-8215-d50e1c41ed73"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dropwizard:dropwizard_validation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.3.19",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dropwizard:dropwizard_validation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.2",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "21.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-5245"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-74"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/dropwizard/dropwizard/pull/3160",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/dropwizard/dropwizard/pull/3160"
            },
            {
              "name": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions"
            },
            {
              "name": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634"
            },
            {
              "name": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf"
            },
            {
              "name": "https://github.com/dropwizard/dropwizard/pull/3157",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/dropwizard/dropwizard/pull/3157"
            },
            {
              "name": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation"
            },
            {
              "name": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-05-12T15:00Z",
      "publishedDate": "2020-02-24T18:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-5245 (GCVE-0-2020-5245)

Vulnerability from cvelistv5

fkie_cve-2020-5245

Vulnerability from fkie_nvd

ghsa-3mcp-9wr4-cjqf

Vulnerability from github

Summary

Impact

Patches

Workarounds

References

For more information

Security contact

gsd-2020-5245

Vulnerability from gsd

Tags

Sightings

Nomenclature