PT-2021-9464 · Jinjava · Jinjava

Alvaro Muñoz

Published 2021-02-19 · Updated 2022-02-09

CVE-2020-12668

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jinjava versions prior to 2.5.4

Description
The issue allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could lead to abuse of the application class loader, including arbitrary file disclosure.

Recommendations
For versions prior to 2.5.4, update to version 2.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive classes and objects passed into the Jinjava context to minimize the risk of exploitation.

Weakness Enumeration

Information Disclosure
Incorrect Authorization

Related Identifiers

CVE-2020-12668
GHSA-2HJR-FG6C-V2H6

Affected Products

Jinjava