GHSA-54fx-gm74-q676

Source

https://github.com/advisories/GHSA-54fx-gm74-q676

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-54fx-gm74-q676/GHSA-54fx-gm74-q676.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-54fx-gm74-q676

Aliases

CVE-2020-1729

Published

2022-03-18T17:55:47Z

Modified

2023-11-08T04:02:40.663165Z

Severity

4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Permissions bypass in SmallRye

Details

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data confidentiality. This is fixed in SmallRye 1.6.2

References

Affected packages

Maven / io.smallrye.config:smallrye-config

Package

Name: io.smallrye.config:smallrye-config; View open source insights on deps.dev
Purl: pkg:maven/io.smallrye.config/smallrye-config

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.2

Affected versions

1.*

1.5.0

1.5.1

1.6.0

1.6.1