Description
A Server-Side Template Injection vulnerability was discovered in the mail templates of Apache Syncope 2.0.X releases prior to 2.0.15 and 2.1.X releases prior to 2.1.6. It enables attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE).
Remediation
References
http://syncope.apache.org/security