CVE-2020-12668
Unauthorized access to Class instance in Jinjava
Severity: MEDIUM 6.5 | EPSS: 0.33%
Published: 2/9/2022 | Modified: 11/8/2023
Also known as: GHSA-2hjr-fg6c-v2h6
Description
Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow abuse of the application class loader, including arbitrary file disclosure.
Affected packages (1)
- Maven / com.hubspot.jinjava:jinjava: from 0, < 2.5.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-12668
- ADVISORY: https://securitylab.github.com/advisories/GHSL-2020-072-hubspot_jinjava
- WEB: https://github.com/HubSpot/jinjava/compare/jinjava-2.5.3...jinjava-2.5.4
- WEB: https://github.com/HubSpot/jinjava/pull/426/commits/5dfa5b87318744a4d020b66d5f7747acc36b213b
- WEB: https://github.com/HubSpot/jinjava/pull/435/commits/1b9aaa4b420c58b4a301cf4b7d26207f1c8d1165
- WEB: https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.5.4