
CVE-2020-11002: Remote Code Execution (RCE) vulnerability in dropwizard-validation

CVSS Score (CVSS v3.1)
8.1

Basic Information

EPSS Score
0.82843%
Published
4/10/2020
Updated
1/9/2023
KEV Status
No
Technology
Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| io.dropwizard:dropwizard-validation | maven | < 1.3.21 | 1.3.21 |
| io.dropwizard:dropwizard-validation | maven | >= 2.0.0, < 2.0.3 | 2.0.3 |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper sanitization of user-controlled input in validation messages. The ViolationCollector's addViolation methods used unsanitized message templates directly, and the escapeEl method's regex (ESCAPE_PATTERN = Pattern.compile("\\$\\{") in pre-patch versions) escaped only the literal "${" sequence, which was not enough to block every EL injection vector. The patch introduced InterpolationHelper.escapeMessageParameter and a more robust sanitizeTemplate method, which confirms that these original functions were the vulnerable ones.
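To make the point concrete, here is an added Java example (not Dropwizard's own code): it contrasts the "${"-only escape quoted above with an escape of every interpolation metacharacter, which is assumed to be the approach the patch's escapeMessageParameter takes, plus a check a reviewer can run over a sanitized value. The class, method names and the sample value are illustrative.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (not Dropwizard's code): pre-patch "${"-only escape versus an
// escape of every interpolation metacharacter (assumed to match the patch's approach).
public final class MessageParameterEscape {

    // Pre-patch style: only the literal EL opener "${" is rewritten.
    private static final Pattern ESCAPE_PATTERN = Pattern.compile("\\$\\{");

    // Robust style: backslash, braces and dollar are each prefixed with a backslash,
    // so a user-supplied parameter can never open a {parameter} or ${expression} term.
    private static final Pattern METACHARACTERS = Pattern.compile("([\\\\{}$])");

    static String escapeElOnly(String value) {
        return ESCAPE_PATTERN.matcher(value).replaceAll(Matcher.quoteReplacement("\\${"));
    }

    static String escapeMessageParameter(String value) {
        return METACHARACTERS.matcher(value).replaceAll("\\\\$1");
    }

    // Defensive check: does the string still contain a '{', '}' or '$' that is not
    // preceded by an escaping backslash? Such a character can still open a term
    // when the message interpolator processes the template.
    static boolean hasUnescapedMetachar(String value) {
        boolean escaped = false;
        for (char c : value.toCharArray()) {
            if (escaped) {
                escaped = false;
            } else if (c == '\\') {
                escaped = true;
            } else if (c == '{' || c == '}' || c == '$') {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample value: it contains brace and dollar characters that the
        // interpolator treats specially, but never the exact "${" sequence.
        String userValue = "order {id} total $ 5";
        System.out.println("escapeElOnly leaves metachar: "
                + hasUnescapedMetachar(escapeElOnly(userValue)));
        System.out.println("escapeMessageParameter leaves metachar: "
                + hasUnescapedMetachar(escapeMessageParameter(userValue)));
    }
}
```

The first check reports true and the second false, which is the gap between escaping one sequence and escaping every character the interpolator treats as syntax.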
