CVE-2020-1953
- EPSS 2.73%
- Published 13.03.2020 15:15:11
- Last modified 21.11.2024 05:11:43
- Source security@apache.org
Apache Commons Configuration uses a third-party library to parse YAML files, which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, and 2.6 did not change the default settings of this library. If a YAML file was loaded from an untrusted source, it could therefore load and execute code outside the control of the host application.
Data is provided by the National Vulnerability Database (NVD)
Apache ≫ Commons Configuration Version 2.2
Apache ≫ Commons Configuration Version 2.3
Apache ≫ Commons Configuration Version 2.4
Apache ≫ Commons Configuration Version 2.5
Apache ≫ Commons Configuration Version 2.6
Oracle ≫ Database Server Version 11.2.0.4
Oracle ≫ Database Server Version 12.1.0.2
Oracle ≫ Database Server Version 12.2.0.1
Oracle ≫ Database Server Version 18c
Oracle ≫ Database Server Version 19c
Oracle ≫ Healthcare Foundation Version 7.1.1
Oracle ≫ Healthcare Foundation Version 7.2.0
Oracle ≫ Healthcare Foundation Version 7.2.1
Oracle ≫ Healthcare Foundation Version 7.3.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 2.73% | 0.854 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 10 | 3.9 | 6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |