CVE-2020-11975 – org.apache.unomi:unomi
Package
Manager: maven
Name: org.apache.unomi:unomi
Vulnerable Version: >=0 <1.5.4
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.8271 (percentile: 0.99196)
Details
Improper Input Validation in Apache Unomi. Apache Unomi allows conditions to use OGNL scripting, which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.
Metadata
Created: 2022-02-09T23:20:47Z
Modified: 2021-04-14T19:36:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-v6fq-q792-j46j/GHSA-v6fq-q792-j46j.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-v6fq-q792-j46j
Finding: F184
Auto approve: 1