CVE-2020-1729
Permissions bypass in SmallRye
CVSS 3.1: 4.0 (MEDIUM)
EPSS: 0.04%
Description
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to obtain the ClassLoader, bypassing any permission checks that should have been applied. The largest threat from this vulnerability is to data confidentiality. This is fixed in SmallRye 1.6.2.
How to fix CVE-2020-1729
To remediate CVE-2020-1729, upgrade the affected package to the fixed version listed below.
- Upgrade to 1.6.2 or later
Is CVE-2020-1729 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.6.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.0 | CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N |