Server-Side Template Injection and arbitrary file disclosure on Camel templating components
References
Link | Resource |
---|---|
https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E | |
https://www.oracle.com/security-alerts/cpuApr2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2021.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-07-08 16:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-11994
Mitre link : CVE-2020-11994
CVE.ORG link : CVE-2020-11994
JSON object : View
Products Affected
oracle
- enterprise_repository
- enterprise_manager_base_platform
- communications_diameter_signaling_router
apache
- camel
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')