← Back

CVE-2020-1953

nvd nist
Published: Mar 13, 2020Modified: Nov 21, 2024

JSON object

Loading...
10.0
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 6.0
Source: NVD

Description

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application.

Affected (14)

Apache
1 product
Commons Configuration
Oracle
2 products
Database Server
Healthcare Foundation
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Commons Configuration
Version 2.2
Commons Configuration
Version 2.3
Commons Configuration
Version 2.4
Commons Configuration
Version 2.5
Commons Configuration
Version 2.6
Configuration B
9 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Database Server
Version 11.2.0.4
Database Server
Version 12.1.0.2
Database Server
Version 12.2.0.1
Database Server
Version 18c
Database Server
Version 19c
Oracle
Healthcare Foundation
Version 7.1.1
Healthcare Foundation
Version 7.2.0
Healthcare Foundation
Version 7.2.1
Healthcare Foundation
Version 7.3.0

References (8)

Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.