CVE-2020-5245 - OpenCVE

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Dropwizard	Dropwizard Validation
Oracle	Blockchain Platform

Configuration 1 [-]

OR	cpe:2.3:a:dropwizard:dropwizard_validation::::::::
	cpe:2.3:a:dropwizard:dropwizard_validation::::::::

Configuration 2 [-]

cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*

References

Link	Resource
https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation	Third Party Advisory
https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions	Third Party Advisory
https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm	Third Party Advisory
https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236
https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634	Patch Third Party Advisory
https://github.com/dropwizard/dropwizard/pull/3157	Patch Third Party Advisory
https://github.com/dropwizard/dropwizard/pull/3160	Patch Third Party Advisory
https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-02-24T17:35:20

Updated: 2024-06-06T14:58:08.864Z

Reserved: 2020-01-02T00:00:00

Link: CVE-2020-5245

JSON object: View

NVD Information

Status : Modified

Published: 2020-02-24T18:15:22.477

Modified: 2024-06-05T17:15:10.123

Link: CVE-2020-5245

JSON object: View

Redhat Information

No data.

CWE

CWE-74

{"containers": {"cna": {"title": "Remote Code Execution (RCE) vulnerability in dropwizard-validation", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf"}, {"name": "https://github.com/dropwizard/dropwizard/pull/3157", "tags": ["x_refsource_MISC"], "url": "https://github.com/dropwizard/dropwizard/pull/3157"}, {"name": "https://github.com/dropwizard/dropwizard/pull/3160", "tags": ["x_refsource_MISC"], "url": "https://github.com/dropwizard/dropwizard/pull/3160"}, {"name": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236", "tags": ["x_refsource_MISC"], "url": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236"}, {"name": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634", "tags": ["x_refsource_MISC"], "url": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634"}, {"name": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation", "tags": ["x_refsource_MISC"], "url": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation"}, {"name": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions", "tags": ["x_refsource_MISC"], "url": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions"}, {"name": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm", "tags": ["x_refsource_MISC"], "url": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm"}], "affected": [{"vendor": "dropwizard", "product": "dropwizard-validation", "versions": [{"version": ">= 1.3.0, < 1.3.19", "status": "affected"}, {"version": ">= 2.0.0, < 2.0.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-05T16:42:31.207Z"}, "descriptions": [{"lang": "en", "value": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature.\n\nThe issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2."}], "source": {"advisory": "GHSA-3mcp-9wr4-cjqf", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-06T14:57:55.801469Z", "id": "CVE-2020-5245", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T14:58:08.864Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-5245", "datePublished": "2020-02-24T17:35:20", "dateReserved": "2020-01-02T00:00:00", "dateUpdated": "2024-06-06T14:58:08.864Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dropwizard:dropwizard_validation:*:*:*:*:*:*:*:*", "matchCriteriaId": "6093F68F-E2FF-4A25-A709-79F315833DEF", "versionEndExcluding": "1.3.19", "vulnerable": true}, {"criteria": "cpe:2.3:a:dropwizard:dropwizard_validation:*:*:*:*:*:*:*:*", "matchCriteriaId": "4522F31B-974E-4957-8A49-6B396C810720", "versionEndExcluding": "2.0.2", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7", "versionEndExcluding": "21.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature.\n\nThe issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2."}, {"lang": "es", "value": "Dropwizard-Validation versiones anteriores a 1.3.19 y 2.0.2, puede permitir una ejecuci\u00f3n de c\u00f3digo arbitraria en el host system, con los privilegios de la cuenta de servicio de Dropwizard, mediante la inyecci\u00f3n de expresiones arbitrarias de Java Expression Language cuando se utiliza la funcionalidad self-validating. El problema se ha corregido en dropwizard-validation versiones 1.3.19 y 2.0.2."}], "id": "CVE-2020-5245", "lastModified": "2024-06-05T17:15:10.123", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-02-24T18:15:22.477", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm"}, {"source": "security-advisories@github.com", "url": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/dropwizard/dropwizard/pull/3157"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/dropwizard/dropwizard/pull/3160"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}