CVE-2020-1959Expression Language Injection in Apache Syncope

CWE-917Expression Language Injection4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
1.6%
top 17.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache SyncopeApache Software Foundation Apache Syncope
Timeline
PublishedMay 4
Latest updateJun 16

Description

A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error mess

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDapache/syncope2.1.02.1.6
CVEListV5apache_software_foundation/apache_syncopeApache Syncope 2.1.X releases prior to 2.1.6

🔴Vulnerability Details

3
GHSA
Expression Language Injection in Apache Syncope2021-06-16
OSV
Expression Language Injection in Apache Syncope2021-06-16
CVEList
CVE-2020-1959: A Server-Side Template Injection was identified in Apache Syncope prior to 22020-05-04
CVE-2020-1959 — Expression Language Injection in Apache | cvebase