Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-5245

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.

Published

2020-02-24T18:15:22.477

Last Modified

2024-11-21T05:33:45.297

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.9 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-74
Type: Primary
CWE-74

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dropwizard	dropwizard_validation	< 1.3.19	Yes
Application	dropwizard	dropwizard_validation	< 2.0.2	Yes
Application	oracle	blockchain_platform	< 21.1.2	Yes

References

https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation Third Party Advisory ([email protected])
https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions Third Party Advisory ([email protected])
https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm Third Party Advisory ([email protected])
https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236 ([email protected])
https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634 Patch, Third Party Advisory ([email protected])
https://github.com/dropwizard/dropwizard/pull/3157 Patch, Third Party Advisory ([email protected])
https://github.com/dropwizard/dropwizard/pull/3160 Patch, Third Party Advisory ([email protected])
https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf Exploit, Third Party Advisory ([email protected])
https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/dropwizard/dropwizard/pull/3157 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/dropwizard/dropwizard/pull/3160 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)