Vulnerabilites related to dropwizard - dropwizard-validation
cve-2020-5245
Vulnerability from cvelistv5
Published
2020-02-24 17:35
Modified
2024-08-04 08:22
Severity ?
7.9 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
Summary
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.
References
https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqfx_refsource_CONFIRM
https://github.com/dropwizard/dropwizard/pull/3157x_refsource_MISC
https://github.com/dropwizard/dropwizard/pull/3160x_refsource_MISC
https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236x_refsource_MISC
https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634x_refsource_MISC
https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolationx_refsource_MISC
https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressionsx_refsource_MISC
https://docs.oracle.com/javaee/7/tutorial/jsf-el.htmx_refsource_MISC
Impacted products
Vendor Product Version
dropwizard dropwizard-validation Version: >= 1.3.0, < 1.3.19
Version: >= 2.0.0, < 2.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-5245",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-06T14:57:55.801469Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T14:58:08.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:09.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf"
          },
          {
            "name": "https://github.com/dropwizard/dropwizard/pull/3157",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dropwizard/dropwizard/pull/3157"
          },
          {
            "name": "https://github.com/dropwizard/dropwizard/pull/3160",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dropwizard/dropwizard/pull/3160"
          },
          {
            "name": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236"
          },
          {
            "name": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634"
          },
          {
            "name": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation"
          },
          {
            "name": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions"
          },
          {
            "name": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dropwizard-validation",
          "vendor": "dropwizard",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.3.0, \u003c 1.3.19"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature.\n\nThe issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-05T16:42:31.207Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf"
        },
        {
          "name": "https://github.com/dropwizard/dropwizard/pull/3157",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dropwizard/dropwizard/pull/3157"
        },
        {
          "name": "https://github.com/dropwizard/dropwizard/pull/3160",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dropwizard/dropwizard/pull/3160"
        },
        {
          "name": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236"
        },
        {
          "name": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634"
        },
        {
          "name": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation"
        },
        {
          "name": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions"
        },
        {
          "name": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm"
        }
      ],
      "source": {
        "advisory": "GHSA-3mcp-9wr4-cjqf",
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution (RCE) vulnerability in dropwizard-validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-5245",
    "datePublished": "2020-02-24T17:35:20",
    "dateReserved": "2020-01-02T00:00:00",
    "dateUpdated": "2024-08-04T08:22:09.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}