CVE-2020-17521: Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was…

medium5.5CVSS 3.1

AVLACLPRLUINSUCHINAN

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.

Affected

47 ranges· showing 25

Vendor	Product	Version range	Fixed in
apache	atlas	—	—
apache	groovy	—	—
apache	groovy	>= 0 < 2.4.21-1	2.4.21-1
apache	groovy	>= 0 < 2.4.21-1	2.4.21-1
apache	groovy	>= 0 < 2.4.21-1	2.4.21-1
apache	groovy	>= 0 < 2.4.21-1	2.4.21-1
apache	groovy	2.0.0 – 2.4.20	—
apache	groovy	2.5.0 – 2.5.13	—
apache	groovy	3.0.0 – 3.0.6	—
apache_software_foundation	apache_groovy	—	—
apache_software_foundation	apache_groovy	—	—
apache_software_foundation	apache_groovy	—	—
apache_software_foundation	apache_groovy	—	—
debian	groovy	< groovy 2.4.21-1 (bookworm)	groovy 2.4.21-1 (bookworm)
oracle	agile_engineering_data_management	—	—
oracle	agile_plm	—	—
oracle	agile_plm	—	—
oracle	agile_plm_mcad_connector	—	—
oracle	agile_plm_mcad_connector	—	—
oracle	business_process_management_suite	—	—
oracle	business_process_management_suite	—	—
oracle	communications_brm_elastic_charging_engine	—	—
oracle	communications_brm_elastic_charging_engine	—	—
oracle	communications_diameter_signaling_router	—	—
oracle	communications_evolved_communications_application_server	—	—

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

osv5.5MEDIUM