Dropwizard Validation
By the Year
In 2024 there have been 0 vulnerabilities in Dropwizard Validation . Dropwizard Validation did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 8.80 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Dropwizard Validation vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Dropwizard Validation Security Vulnerabilities
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability
CVE-2020-11002
8.8 - High
- April 10, 2020
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you are using a self-validating bean an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 for CVE-2020-5245 unfortunately did not fix the underlying issue completely. The issue has been fixed in dropwizard-validation 1.3.21 and 2.0.3 or later. We strongly recommend upgrading to one of these versions.
Injection
Dropwizard-Validation before 1.3.19, and 2.0.2 may
CVE-2020-5245
8.8 - High
- February 24, 2020
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.
Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Oracle Blockchain Platform or by Dropwizard? Click the Watch button to subscribe.
