CVE-2020-12668
MEDIUM 6.5 | EPSS 0.33% | Unauthorized access to Class instance in Jinjava
Published: 2022/2/9 | Modified: 2023/11/8
Description
Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context (for example, reaching a java.lang.Class instance from a context object). This could allow for abuse of the application class loader, including arbitrary file disclosure. Any deployment that renders templates written by untrusted authors is exposed; the fix is to upgrade the com.hubspot.jinjava:jinjava dependency to 2.5.4 or later.
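The following probe is an added example, not code from the advisory or from the Jinjava project. It renders a template whose only action is the access path the description names, a Java method call (getClass()) on an object placed in the context, and reports whether the template engine resolved it. It assumes the com.hubspot.jinjava:jinjava artifact is on the classpath and uses the public Jinjava.render(String, Map) API; the template string, the context key "probe" and the class name JinjavaClassAccessProbe are constructed for this example. It deliberately stops at reaching the Class instance and does not walk further to the class loader.

```java
import com.hubspot.jinjava.Jinjava;
import java.util.Map;

/**
 * Added probe for CVE-2020-12668 (example code, not part of the advisory or of Jinjava).
 * Assumes com.hubspot.jinjava:jinjava is on the classpath.
 * Versions before 2.5.4 resolve getClass() on a context object and echo the class name;
 * 2.5.4 and later do not resolve the call, so the expression renders empty.
 */
public class JinjavaClassAccessProbe {

    // Constructed template: one method call on a context object, nothing else.
    private static final String TEMPLATE = "{{ probe.getClass().getName() }}";

    /** Returns true if the engine let the template reach java.lang.Class. */
    public static boolean classInstanceReachable(Jinjava jinjava) {
        // Any context object works; a plain String is used as the constructed value.
        Object probe = "constructed-context-value";
        String rendered = jinjava.render(TEMPLATE, Map.of("probe", probe));
        // A vulnerable build echoes "java.lang.String"; a patched build yields no match.
        return rendered.trim().equals(probe.getClass().getName());
    }

    public static void main(String[] args) {
        boolean reachable = classInstanceReachable(new Jinjava());
        System.out.println(reachable
            ? "VULNERABLE: template reached java.lang.Class via getClass() on a context object"
            : "OK: getClass() on context objects is not resolvable from templates");
    }
}
```

Run it against the Jinjava version actually shipped in the application rather than against a freshly resolved latest release, since the point of the check is to confirm the deployed artifact is at or above 2.5.4.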
Affected packages (1)
- Maven: com.hubspot.jinjava:jinjava, affected range >= 0, < 2.5.4
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-12668
- ADVISORY: https://securitylab.github.com/advisories/GHSL-2020-072-hubspot_jinjava
- WEB: https://github.com/HubSpot/jinjava/compare/jinjava-2.5.3...jinjava-2.5.4
- WEB: https://github.com/HubSpot/jinjava/pull/426/commits/5dfa5b87318744a4d020b66d5f7747acc36b213b
- WEB: https://github.com/HubSpot/jinjava/pull/435/commits/1b9aaa4b420c58b4a301cf4b7d26207f1c8d1165
- WEB: https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.5.4