https://bugzilla.redhat.com/show_bug.cgi?id=1933808
Bug ID: 1933808
Summary: CVE-2020-11987 batik: SSRF due to improper input
validation by the NodePickerPanel
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: aileenc(a)redhat.com, akurtako(a)redhat.com,
andjrobins(a)gmail.com, chazlett(a)redhat.com,
dbhole(a)redhat.com, drieden(a)redhat.com,
ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
ggaughan(a)redhat.com, gmalinko(a)redhat.com,
janstey(a)redhat.com, java-maint(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
jkang(a)redhat.com, jochrist(a)redhat.com,
jvanek(a)redhat.com, jwon(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
mizdebsk(a)redhat.com, rgrunber(a)redhat.com
Target Milestone: ---
Classification: Other
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by
improper input validation by the NodePickerPanel. By using a specially-crafted
argument, an attacker could exploit this vulnerability to cause the underlying
server to make arbitrary GET requests.
References:
https://xmlgraphics.apache.org/security.htmlhttps://www.openwall.com/lists/oss-security/2021/02/24/2
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1937440
Bug ID: 1937440
Summary: CVE-2020-13936 velocity: arbitrary code execution when
attacker is able to modify templates
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: aboyko(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, akurtako(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
andjrobins(a)gmail.com, anstephe(a)redhat.com,
aos-bugs(a)redhat.com, asoldano(a)redhat.com,
atangrin(a)redhat.com, ataylor(a)redhat.com,
bbaranow(a)redhat.com, bibryam(a)redhat.com,
bmaxwell(a)redhat.com, bmontgom(a)redhat.com,
brian.stansberry(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, darran.lofthouse(a)redhat.com,
dbhole(a)redhat.com, decathorpe(a)gmail.com,
devrim(a)gunduz.org, dkreling(a)redhat.com,
dosoudil(a)redhat.com, drieden(a)redhat.com,
ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
eleandro(a)redhat.com, eparis(a)redhat.com,
etirelli(a)redhat.com, fjuma(a)redhat.com,
ganandan(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gvarsami(a)redhat.com,
hbraun(a)redhat.com, ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com, java-maint(a)redhat.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcantril(a)redhat.com,
jcoleman(a)redhat.com, jerboaa(a)gmail.com,
jjohnstn(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jolee(a)redhat.com,
jperkins(a)redhat.com, jross(a)redhat.com,
jschatte(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, ldimaggi(a)redhat.com,
lef(a)fedoraproject.org, lgao(a)redhat.com,
loleary(a)redhat.com, mat.booth(a)redhat.com,
mizdebsk(a)redhat.com, mnovotny(a)redhat.com,
msochure(a)redhat.com, msvehla(a)redhat.com,
nstielau(a)redhat.com, nwallace(a)redhat.com,
pantinor(a)redhat.com, pjindal(a)redhat.com,
pmackay(a)redhat.com, rgrunber(a)redhat.com,
rguimara(a)redhat.com, rhcs-maint(a)redhat.com,
rrajasek(a)redhat.com, rstancel(a)redhat.com,
rsvoboda(a)redhat.com, rsynek(a)redhat.com,
rwagner(a)redhat.com, sdaley(a)redhat.com,
sd-operator-metering(a)redhat.com, smaestri(a)redhat.com,
sochotni(a)redhat.com, spinder(a)redhat.com,
sponnaga(a)redhat.com, tcunning(a)redhat.com,
tflannag(a)redhat.com, theute(a)redhat.com,
tkirby(a)redhat.com, tom.jenkinson(a)redhat.com,
yborgess(a)redhat.com
Target Milestone: ---
Classification: Other
An attacker that is able to modify Velocity templates may execute arbitrary
Java code or run arbitrary system commands with the same privileges as the
account running the Servlet container. This applies to applications that allow
untrusted users to upload/modify velocity templates running Apache Velocity
Engine versions up to 2.2.
References:
https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a…http://www.openwall.com/lists/oss-security/2021/03/10/1
--
You are receiving this mail because:
You are on the CC list for the bug.