Description

Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code.

Remediation

References

https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.md

Related Vulnerabilities

CVE-2018-15756 Vulnerability in maven package org.springframework:spring-web

CVE-2018-13003 Vulnerability in maven package net.opentsdb:opentsdb

CVE-2021-23490 Vulnerability in npm package parse-link-header

CVE-2023-26049 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2022-42466 Vulnerability in maven package org.apache.isis.viewer:isis-viewer-wicket-ui

Severity

Critical

Classification

CWE-917 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory