A Server-Side Template Injection vulnerability was discovered in the Mail templates of Apache Syncope 2.0.X releases prior to 2.0.15 and 2.1.X releases prior to 2.1.6. It enables attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE).
References
Link | Resource |
---|---|
http://syncope.apache.org/security | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2020-05-04T12:28:53
Updated: 2020-05-04T12:28:53
Reserved: 2019-12-02T00:00:00
Link: CVE-2020-1961
NVD Information
Status: Analyzed
Published: 2020-05-04T13:15:14.033
Modified: 2020-05-07T16:12:23.150
Link: CVE-2020-1961
Redhat Information
No data.
CWE