Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-1729 Vulnerability in maven package io.smallrye.config:smallrye-config

Description

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data confidentiality. This is fixed in SmallRye 1.6.2

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1802444

Related Vulnerabilities

CVE-2023-41339 Vulnerability in maven package org.geoserver:gs-wms

CVE-2022-46366 Vulnerability in maven package tapestry:tapestry

CVE-2023-34238 Vulnerability in npm package gatsby-plugin-mdx

CVE-2021-23784 Vulnerability in npm package tempura

CVE-2021-3827 Vulnerability in maven package org.keycloak:keycloak-services

Severity

Medium

Classification

CWE-863 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Patch Vendor Advisory