CVE-2020-5245 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.9 HIGH	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
GitHub_M	CNA	7.9 HIGH	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Affected Products (NVD)

Vendor	Product	Version
dropwizard	dropwizard_validation	𝑥 < 1.3.19
dropwizard	dropwizard_validation	2.0.0 ≤ 𝑥 < 2.0.2
oracle	blockchain_platform	𝑥 < 21.1.2

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References

https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation

https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions

https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm

https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236

https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634

https://github.com/dropwizard/dropwizard/pull/3157

https://github.com/dropwizard/dropwizard/pull/3160

https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf

https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation

https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions

https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm

https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236

https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634

https://github.com/dropwizard/dropwizard/pull/3157

https://github.com/dropwizard/dropwizard/pull/3160

https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf