5.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-17521

GHSA ID

GHSA-rcjj-h6gh-jf3r

EPSS Score

0.57244%

CWE

CWE-379

Published

12/9/2020

Updated

10/17/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-17521

CVE-2020-17521: Information Disclosure in Apache Groovy

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.

(GitHub Advisory)

5.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-17521

GHSA ID

GHSA-rcjj-h6gh-jf3r

EPSS Score

0.57244%

CWE

CWE-379

Published

12/9/2020

Updated

10/17/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.codehaus.groovy:groovy	maven	>= 2.0.0, < 2.4.21	2.4.21
org.codehaus.groovy:groovy	maven	>= 2.5.0, < 2.5.14	2.5.14
org.codehaus.groovy:groovy	maven	>= 3.0.0, < 3.0.7	3.0.7
org.codehaus.groovy:groovy-all	maven	>= 2.0.0, < 2.4.21	2.4.21
org.codehaus.groovy:groovy-all	maven	>= 2.5.0, < 2.5.14	2.5.14
org.codehaus.groovy:groovy-all	maven	>= 3.0.0, < 3.0.7	3.0.7

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

*p**** *roovy provi**s *xt*nsion m*t*o*s to *i* wit* *r**tin* t*mpor*ry *ir**tori*s. Prior to t*is *ix, *roovy's impl*m*nt*tion o* t*os* *xt*nsion m*t*o*s w*s usin* * now sup*rs**** J*v* J*K m*t*o* **ll t**t is pot*nti*lly not s**ur* on som* op*r*tin

Reasoning

No *n*lysis *v*il**l*

5.5

Basic Information

Concerned about an active attack path?

CVE-2020-17521: Information Disclosure in Apache Groovy

5.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI