CVE-2020-5245

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.

CVSS v3 8.8 HIGH
CVSS v2.0 9.0 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation	Third Party Advisory
https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions	Third Party Advisory
https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm	Third Party Advisory
https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236
https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634	Patch Third Party Advisory
https://github.com/dropwizard/dropwizard/pull/3157	Patch Third Party Advisory
https://github.com/dropwizard/dropwizard/pull/3160	Patch Third Party Advisory
https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dropwizard:dropwizard_validation::::::::
	cpe:2.3:a:dropwizard:dropwizard_validation::::::::

Configuration 2 (hide)

cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-02-24 18:15

Updated : 2024-06-05 17:15

NVD link : CVE-2020-5245

Mitre link : CVE-2020-5245

CVE.ORG link : CVE-2020-5245

JSON object : View

Products Affected

dropwizard

dropwizard_validation

oracle

blockchain_platform

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2020-5245", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.3}]}, "published": "2020-02-24T18:15:22.477", "references": [{"url": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236", "source": "security-advisories@github.com"}, {"url": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/dropwizard/dropwizard/pull/3157", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/dropwizard/dropwizard/pull/3160", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature.\n\nThe issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2."}, {"lang": "es", "value": "Dropwizard-Validation versiones anteriores a 1.3.19 y 2.0.2, puede permitir una ejecuci\u00f3n de c\u00f3digo arbitraria en el host system, con los privilegios de la cuenta de servicio de Dropwizard, mediante la inyecci\u00f3n de expresiones arbitrarias de Java Expression Language cuando se utiliza la funcionalidad self-validating. El problema se ha corregido en dropwizard-validation versiones 1.3.19 y 2.0.2."}], "lastModified": "2024-06-05T17:15:10.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dropwizard:dropwizard_validation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6093F68F-E2FF-4A25-A709-79F315833DEF", "versionEndExcluding": "1.3.19"}, {"criteria": "cpe:2.3:a:dropwizard:dropwizard_validation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4522F31B-974E-4957-8A49-6B396C810720", "versionEndExcluding": "2.0.2", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7", "versionEndExcluding": "21.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}

8.8 /10