CVE-2020-17521

CWE-200 — Information Exposure CWE-37919 documents7 sources

Severity

5.5MEDIUM

EPSS

2.4%

top 15.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Groovy Oracle Insurance Policy Administration Oracle Primavera Gateway +18 more

Timeline

PublishedDec 7

Latest updateOct 15

Description

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1.…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages24 packages

▶NVDapache/groovy2.0.0 — 2.4.20+3

▶CVEListV5apache_software_foundation/apache_groovy4 versions+3

▶Mavenorg.codehaus.groovy:groovy2.0.0 — 2.4.21+2

▶Mavenorg.codehaus.groovy:groovy-all2.0.0 — 2.4.21+2

▶Debiangroovy< 2.4.21-1+3

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

Information Disclosure in Apache Groovy↗2020-12-09

▶

OSV

Information Disclosure in Apache Groovy↗2020-12-09

▶

OSV

CVE-2020-17521: Apache Groovy provides extension methods to aid with creating temporary directories↗2020-12-07

▶

CVEList

CVE-2020-17521: Apache Groovy provides extension methods to aid with creating temporary directories↗2020-12-07

▶

📋Vendor Advisories

Oracle

Oracle Oracle Systems Risk Matrix: Core (Apache Groovy) — CVE-2020-17521↗2025-10-15

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Connectors and Connector Server (Apache Groovy) — CVE-2020-17521↗2024-10-15

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: General (Apache Groovy) — CVE-2020-17521↗2023-07-15

▶

Oracle

Oracle Oracle iLearning Risk Matrix: Installation (Apache Groovy) — CVE-2020-17521↗2023-04-15

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Runtime Java agent for ODI (Apache Groovy) — CVE-2020-17521↗2022-10-15

▶