Description

Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code.

Remediation

References

https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-002.md

Related Vulnerabilities

CVE-2023-2138 Vulnerability in npm package @nuxtlabs/github-module

CVE-2020-7674 Vulnerability in npm package access-policy

CVE-2019-14653 Vulnerability in maven package org.webjars.bowergithub.pandao:editor.md

CVE-2016-10635 Vulnerability in npm package broccoli-closure

CVE-2020-5259 Vulnerability in maven package org.webjars.npm:dojox

Severity

Critical

Classification

CWE-917 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory