← Back

CVE-2020-11994

nvd nist
Published: Jul 8, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Server-Side Template Injection and arbitrary file disclosure on Camel templating components

Affected (9)

Apache
1 product
Camel
Oracle
3 products
Communications Diameter Signaling Router
Enterprise Manager Base Platform
Enterprise Repository
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Camel
From 2.22.0 to 2.22.5
Camel
From 2.23.0 to 2.23.4
Camel
From 2.24.0 to 2.24.3
Camel
From 3.0.0 to 3.3.0
Camel
Version 2.25.0
Camel
Version 2.25.1
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Communications Diameter Signaling Router
From 8.0.0 to 8.5.0
Enterprise Manager Base Platform
Version 13.4.0.0
Enterprise Repository
Version 11.1.1.7.0

Related CWEs

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (8)

Source: security@apache.org
Source: security@apache.org
PatchThird Party Advisory
Source: security@apache.org
PatchThird Party Advisory
Source: security@apache.org
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.