PT-2020-5507 · Apache+1 · Apache Groovy+1

Published

2020-12-07

Updated

2024-06-15

CVE-2020-17521

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache Groovy versions 2.0 through 2.4.20 Apache Groovy versions 2.5.0 through 2.5.13 Apache Groovy versions 3.0.0 through 3.0.6 Apache Groovy version 4.0.0-alpha-1

Description The issue is related to the creation of temporary directories in Apache Groovy, where the implementation uses a superseded Java JDK method call that may not be secure in some contexts. This could potentially allow an attacker to disclose protected information. Users not using the affected extension methods are not affected.

Recommendations For Apache Groovy versions 2.0 through 2.4.20, update to version 2.4.21 or later. For Apache Groovy versions 2.5.0 through 2.5.13, update to version 2.5.14 or later. For Apache Groovy versions 3.0.0 through 3.0.6, update to version 3.0.7 or later. For Apache Groovy version 4.0.0-alpha-1, update to version 4.0.0-alpha-2 or later.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-379CWE-276

Related Identifiers

BDU:2021-00960

CVE-2020-17521

GHSA-RCJJ-H6GH-JF3R

OPENSUSE-SU-2020:2367-1

OPENSUSE-SU-2020_2367-1

OPENSUSE-SU-2024:10823-1

SUSE-SU-2020:3917-1

SUSE-SU-2020_3917-1

Affected Products

Apache Groovy

Suse

PT-2020-5507 · Apache+1 · Apache Groovy+1

CVE-2020-17521

Weakness Enumeration

Related Identifiers

Affected Products

References · 42