Description
Apache Syncope 2.0.X releases prior to 2.0.15 and 2.1.X releases prior to 2.1.6 are vulnerable to Server-Side Template Injection in mail templates. The flaw enables attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE).
Remediation
References
http://syncope.apache.org/security
Related Vulnerabilities
CVE-2022-24858 Vulnerability in npm package next-auth
CVE-2011-2092 Vulnerability in maven package com.adobe.blazeds:blazeds-core
CVE-2020-9482 Vulnerability in maven package org.apache.nifi.registry:nifi-registry-web-api
CVE-2020-11973 Vulnerability in maven package org.apache.camel:camel-netty
CVE-2015-8858 Vulnerability in maven package org.webjars.npm:uglify-js