WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-1961 Vulnerability in maven package org.apache.syncope.core:syncope-core-provisioning-java

Description

Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered.

Remediation

References

http://syncope.apache.org/security

Related Vulnerabilities

CVE-2014-3120 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2016-2402 Vulnerability in maven package com.squareup.okhttp:okhttp

CVE-2018-1000056 Vulnerability in maven package org.jenkins-ci.plugins:junit

CVE-2022-25209 Vulnerability in maven package org.jenkins-ci.plugins:sinatra-chef-builder

CVE-2020-5427 Vulnerability in maven package org.springframework.cloud:spring-cloud-dataflow-server-core

Severity

Critical

Classification

CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory