Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
668
VMScore

CVE-2020-9296

Published: 16/06/2020 Updated: 29/10/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Conductor

Vulnerability Summary

Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

netflix conductor

Vendor Advisories

Check Point Security Alerts: Expression Language Server Side Template Injection (CVE-2020-9296)
Check Point Reference: CPAI-2024-0119 Date Published: 10 Apr 2024 Severity: Critical ...

Github Repositories

https://github.com/blirp/postnr-sb

Enkelt innbrudd i Java Spring Boot server vha. Hibernate Validator 6.1.x

postnr-sb Enkelt innbrudd i Java Spring Boot server vha Hibernate Validator 61x Byging og kjøring Applikasjonen bygges og kjøres med maven: mvn spring-boot:run API GET /postnr Søk i databasen over postnummer med en GET mot /postnr Søket tar inntil fire parametre Parameter Betydning Type pn Postnummer

https://github.com/blirp/postnr

Enkelt innbrudd i Java-server vha. Hibernate Validator 1.6.x

postnr - enkelt innbrudd i Hibernate Validator 61x API Søk i databasen over postnummer med en GET mot /postnr Søket tar inntil fire parametre Parameter Betydning pn Postnummer ps Poststed kn Kommunenr k Kommunenavn Ex: curl -s localhost:8080/postnr?pn=5230 Resultatet er en liste av poststeder som matcher s

References

CWE-917https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.mdhttps://nvd.nist.govhttps://github.com/blirp/postnr-sbhttps://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2024-0119.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook