WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-1961 Vulnerability in maven package org.apache.syncope.core:syncope-core-provisioning-java

Description

Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered.

Remediation

References

http://syncope.apache.org/security

Related Vulnerabilities

CVE-2023-29511 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui

CVE-2017-1000356 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2021-3859 Vulnerability in maven package io.undertow:undertow-core

CVE-2015-1814 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-34870 Vulnerability in maven package org.apache.geode:geode-pulse

Severity

Critical

Classification

CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory