Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-1729 Vulnerability in maven package io.smallrye.config:smallrye-config

Description

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data confidentiality. This is fixed in SmallRye 1.6.2

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1802444

Related Vulnerabilities

CVE-2023-22467 Vulnerability in maven package org.webjars.bowergithub.moment:luxon

CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-debug-jdk15to18

CVE-2016-10542 Vulnerability in maven package org.webjars.npm:ws

CVE-2021-29451 Vulnerability in maven package com.manydesigns:portofino-core

CVE-2023-49803 Vulnerability in npm package @koa/cors

Severity

Medium

Classification

CWE-863 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Patch Vendor Advisory