CVE-2020-12668
Published 2021-02-19
Priority P338 · medium · 6.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.81% (76.0th percentile)
Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hubspot | jinjava | < 2.5.4 | 2.5.4 |
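CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:L/Au:S/C:C/I:N/A:N |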
OSV
Unauthorized access to Class instance in Jinjava
osv·2022-02-09
CVE-2020-12668 [MEDIUM] Unauthorized access to Class instance in Jinjava
GHSA
Unauthorized access to Class instance in Jinjava
ghsa·2022-02-09
CVE-2020-12668 [MEDIUM] CWE-200 Unauthorized access to Class instance in Jinjava
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/HubSpot/jinjava/compare/jinjava-2.5.3...jinjava-2.5.4
https://github.com/HubSpot/jinjava/pull/426/commits/5dfa5b87318744a4d020b66d5f7747acc36b213b
https://github.com/HubSpot/jinjava/pull/435/commits/1b9aaa4b420c58b4a301cf4b7d26207f1c8d1165
https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.5.4
https://securitylab.github.com/advisories/GHSL-2020-072-hubspot_jinjava
Published: 2021-02-19