var-202012-1564
Vulnerability from variot
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2. Apache Groovy contains an unspecified vulnerability. Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apache Groovy is an object-oriented programming language based on the Java platform developed by the Apache Foundation of the United States.
Security Fix(es):
- log4j-core (CVE-2020-9488, CVE-2021-44228)
- nodejs-lodash (CVE-2019-10744)
- libthrift (CVE-2020-13949)
- xstream (CVE-2020-26217, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351)
- undertow (CVE-2020-27782, CVE-2021-3597, CVE-2021-3629, CVE-2021-3690)
- xmlbeans (CVE-2021-23926)
- batik (CVE-2020-11987)
- xmlgraphics-commons (CVE-2020-11988)
- tomcat (CVE-2020-13943)
- bouncycastle (CVE-2020-15522, CVE-2020-15522)
- groovy (CVE-2020-17521)
- tomcat (CVE-2020-17527)
- jetty (CVE-2020-27218, CVE-2020-27223, CVE-2021-28163, CVE-2021-28164, CVE-2021-28169, CVE-2021-34428)
- jackson-dataformat-cbor (CVE-2020-28491)
- jboss-remoting (CVE-2020-35510)
- kubernetes-client (CVE-2021-20218)
- netty (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409)
- spring-web (CVE-2021-22118)
- cxf-core (CVE-2021-22696)
- json-smart (CVE-2021-27568)
- jakarta.el (CVE-2021-28170)
- commons-io (CVE-2021-29425)
- sshd-core (CVE-2021-30129)
- cxf-rt-rs-json-basic (CVE-2021-30468)
- netty-codec (CVE-2021-37136, CVE-2021-37137)
- jsoup (CVE-2021-37714)
- poi (CVE-2019-12415)
- mysql-connector-java (CVE-2020-2875, CVE-2020-2934)
- wildfly (CVE-2021-3536)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/
Red Hat Security Advisory
Synopsis: Moderate: Red Hat Integration Camel-K 1.4 release and security update
Advisory ID: RHSA-2021:3205-01
Product: Red Hat Integration
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3205
Issue date: 2021-08-18
Cross references: RHBA-2021:79512-01
CVE Names: CVE-2020-13920 CVE-2020-17518 CVE-2020-17521 CVE-2020-26238 CVE-2020-27222 CVE-2020-27782 CVE-2020-28052 CVE-2020-29582 CVE-2021-20218 CVE-2021-27807 CVE-2021-27906 CVE-2021-30468 CVE-2021-31811
- Summary:
A minor version update (from 1.3 to 1.4) is now available for Red Hat Integration Camel K that includes bug fixes and enhancements. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
A minor version update (from 1.3 to 1.4) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
- cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution (CVE-2020-26238)
- californium-core: DTLS - DoS vulnerability for certificate based handshakes (CVE-2020-27222)
- undertow: special character in query results in server errors (CVE-2020-27782)
- bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)
- activemq: improper authentication allows MITM attack (CVE-2020-13920)
- flink: apache-flink: directory traversal attack allows remote file writing through the REST API (CVE-2020-17518)
- groovy: OS temporary directory leads to information disclosure (CVE-2020-17521)
- kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)
- pdfbox: infinite loop while loading a crafted PDF file (CVE-2021-27807)
- cxf-rt-rs-json-basic: CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter (CVE-2021-30468)
- kotlin-scripting-jvm: kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure (CVE-2020-29582)
- pdfbox: OutOfMemory-Exception while loading a crafted PDF file (CVE-2021-27906)
- pdfbox: OutOfMemory-Exception while loading a crafted PDF file (CVE-2021-31811)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack
1901304 - CVE-2020-27782 undertow: special character in query results in server errors
1901655 - CVE-2020-26238 cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution
1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible
1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API
1922123 - CVE-2020-17521 groovy: OS temporary directory leads to information disclosure
1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
1930230 - CVE-2020-27222 californium-core: DTLS - DoS vulnerability for certificate based handshakes
1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure
1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file
1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file
1971648 - CVE-2021-31811 pdfbox: OutOfMemory-Exception while loading a crafted PDF file
1973392 - CVE-2021-30468 CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter
- References:
https://access.redhat.com/security/cve/CVE-2020-13920
https://access.redhat.com/security/cve/CVE-2020-17518
https://access.redhat.com/security/cve/CVE-2020-17521
https://access.redhat.com/security/cve/CVE-2020-26238
https://access.redhat.com/security/cve/CVE-2020-27222
https://access.redhat.com/security/cve/CVE-2020-27782
https://access.redhat.com/security/cve/CVE-2020-28052
https://access.redhat.com/security/cve/CVE-2020-29582
https://access.redhat.com/security/cve/CVE-2021-20218
https://access.redhat.com/security/cve/CVE-2021-27807
https://access.redhat.com/security/cve/CVE-2021-27906
https://access.redhat.com/security/cve/CVE-2021-30468
https://access.redhat.com/security/cve/CVE-2021-31811
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q3/html/getting_started_with_camel_k/
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2021-Q3
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
1.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17521" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3cnotifications.groovy.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3cdev.atlas.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3cdev.atlas.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3cnotifications.groovy.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3@%3cdev.atlas.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08@%3cdev.atlas.apache.org%3e" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072130" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apache-groovy-information-disclosure-via-temporary-directories-34170" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042297" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6485653" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072096" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2816" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042306" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163872/red-hat-security-advisory-2021-3205-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042549" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4253" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2020.4535/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042631" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165294/red-hat-security-advisory-2021-5134-05.html" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-17521" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-20218" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27782" }, { "trust": 0.3, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-27782" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20218" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-30468" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-13920" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29582" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-27222" }, { "trust": 0.2, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2021-q3" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27222" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-17518" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13920" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29582" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26238" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17518" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26238" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977399" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://security.archlinux.org/cve-2020-17521" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37714" }, { "trust": 0.1, "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35510" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21341" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21342" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21290" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28169" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17527" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3629" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3690" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28164" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21348" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21344" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12415" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11988" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488" }, { "trust": 0.1, 
"url": "https://access.redhat.com/security/cve/cve-2020-28491" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21350" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28170" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21290" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21349" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12415" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10744" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26217" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3597" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26259" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21344" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-17527" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11987" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21295" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21295" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.10.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37136" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44228" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-34428" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3536" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2934" 
}, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27223" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21346" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22696" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26259" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29425" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15522" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11987" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21345" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15522" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10744" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37137" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35510" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2934" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21351" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21409" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13949" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21341" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21342" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28491" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23926" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27223" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5134" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27568" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11988" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13949" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21343" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21343" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22118" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3207" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q3/html-single/getting_started_with_camel_quarkus_extensions/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30468" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27906" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28052" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27807" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31811" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27807" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q3/html/getting_started_with_camel_k/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-31811" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-28052" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3205" } ], "sources": [ { "db": "VULHUB", "id": "VHN-170708" }, { "db": "VULMON", "id": "CVE-2020-17521" }, { "db": "JVNDB", "id": "JVNDB-2020-014820" }, { "db": "PACKETSTORM", "id": "165294" }, { "db": "PACKETSTORM", "id": "163874" }, { "db": "PACKETSTORM", "id": "163872" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202012-422" }, { "db": "NVD", "id": "CVE-2020-17521" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-170708" }, { "db": "VULMON", "id": "CVE-2020-17521" }, { "db": "JVNDB", "id": "JVNDB-2020-014820" }, { "db": "PACKETSTORM", "id": "165294" }, { "db": "PACKETSTORM", "id": "163874" }, { "db": "PACKETSTORM", "id": "163872" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202012-422" }, { "db": "NVD", "id": "CVE-2020-17521" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-12-07T00:00:00", "db": "VULHUB", "id": "VHN-170708" }, { "date": "2020-12-07T00:00:00", "db": "VULMON", "id": "CVE-2020-17521" }, { "date": "2021-09-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-014820" }, { "date": "2021-12-15T15:25:47", "db": "PACKETSTORM", "id": "165294" }, { "date": "2021-08-18T15:25:13", "db": "PACKETSTORM", "id": "163874" }, { "date": "2021-08-18T15:23:11", "db": "PACKETSTORM", "id": "163872" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2020-12-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202012-422" }, { "date": "2020-12-07T20:15:12.633000", "db": "NVD", "id": "CVE-2020-17521" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": 
"@list" } }, "data": [ { "date": "2022-07-25T00:00:00", "db": "VULHUB", "id": "VHN-170708" }, { "date": "2021-04-23T00:00:00", "db": "VULMON", "id": "CVE-2020-17521" }, { "date": "2021-09-01T03:07:00", "db": "JVNDB", "id": "JVNDB-2020-014820" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202012-422" }, { "date": "2024-11-21T05:08:16.887000", "db": "NVD", "id": "CVE-2020-17521" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202012-422" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache\u00a0Groovy\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-014820" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202012-422" } ], "trust": 1.2 } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.