CVE-2020-17521

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
References
Link Resource
https://groovy-lang.org/security.html#CVE-2020-17521 Third Party Advisory
https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E
https://security.netapp.com/advisory/ntap-20201218-0006/ Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html Patch Third Party Advisory
https://groovy-lang.org/security.html#CVE-2020-17521 Third Party Advisory
https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E
https://security.netapp.com/advisory/ntap-20201218-0006/ Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html Patch Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:groovy:4.0.0:alpha1:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm_mcad_connector:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3.0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_services_gatekeeper:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_services_gatekeeper:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:ilearning:6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:ilearning:6.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.5:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:apache:atlas:2.1.0:-:*:*:*:*:*:*

History

21 Nov 2024, 05:08

Type Values Removed Values Added
References () https://groovy-lang.org/security.html#CVE-2020-17521 - Third Party Advisory () https://groovy-lang.org/security.html#CVE-2020-17521 - Third Party Advisory
References () https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E - () https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E -
References () https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E - () https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E -
References () https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E - () https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E -
References () https://security.netapp.com/advisory/ntap-20201218-0006/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20201218-0006/ - Third Party Advisory
References () https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory () https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory

07 Nov 2023, 03:19

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08@%3Cdev.atlas.apache.org%3E', 'name': '[atlas-dev] 20210422 [jira] [Updated] (ATLAS-4257) Atlas - Upgrade groovy to 2.4.21+, 2.5.14+, 3.0.7+, or 4.0.0-alpha-2+ due to CVE-2020-17521', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3@%3Cdev.atlas.apache.org%3E', 'name': '[atlas-dev] 20210422 [jira] [Created] (ATLAS-4257) Atlas - Upgrade groovy to 2.4.21+, 2.5.14+, 3.0.7+, or 4.0.0-alpha-2+ due to CVE-2020-17521', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E', 'name': '[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E -
  • () https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E -
  • () https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E -

Information

Published : 2020-12-07 20:15

Updated : 2024-11-21 05:08


NVD link : CVE-2020-17521

Mitre link : CVE-2020-17521

CVE.ORG link : CVE-2020-17521


JSON object : View

Products Affected

oracle

  • communications_services_gatekeeper
  • healthcare_data_repository
  • agile_engineering_data_management
  • jd_edwards_enterpriseone_orchestrator
  • primavera_gateway
  • insurance_policy_administration
  • agile_plm_mcad_connector
  • primavera_unifier
  • hospitality_opera_5
  • agile_plm
  • retail_bulk_data_integration
  • retail_store_inventory_management
  • communications_evolved_communications_application_server
  • communications_brm_-_elastic_charging_engine
  • ilearning
  • business_process_management_suite
  • communications_diameter_signaling_router
  • retail_merchandising_system

apache

  • atlas
  • groovy

netapp

  • snapcenter