{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T15:09:49.672","vulnerabilities":[{"cve":{"id":"CVE-2020-5245","sourceIdentifier":"security-advisories@github.com","published":"2020-02-24T18:15:22.477","lastModified":"2024-11-21T05:33:45.297","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature.\n\nThe issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2."},{"lang":"es","value":"Dropwizard-Validation versiones anteriores a 1.3.19 y 2.0.2, puede permitir una ejecución de código arbitraria en el host system, con los privilegios de la cuenta de servicio de Dropwizard, mediante la inyección de expresiones arbitrarias de Java Expression Language cuando se utiliza la funcionalidad self-validating. El problema se ha corregido en dropwizard-validation versiones 1.3.19 y 2.0.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dropwizard:dropwizard_validation:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.19","matchCriteriaId":"6093F68F-E2FF-4A25-A709-79F315833DEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:dropwizard:dropwizard_validation:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.2","matchCriteriaId":"4522F31B-974E-4957-8A49-6B396C810720"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*","versionEndExcluding":"21.1.2","matchCriteriaId":"D0DBC938-A782-433F-8BF1-CA250C332AA7"}]}]}],"references":[{"url":"https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236","source":"security-advisories@github.com"},{"url":"https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/dropwizard/dropwizard/pull/3157","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/dropwizard/dropwizard/pull/3160","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/dropwizard/dropwizard/pull/3157","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/dropwizard/dropwizard/pull/3160","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}