CVE-2020-12668

CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-12668" target="_blank" rel="noopener" rel="noreferrer"> CVE-2020-12668
GHSA: <a href="https://github.com/advisories/GHSA-2hjr-fg6c-v2h6" target="_blank" rel="noopener" rel="noreferrer"> GHSA-2hjr-fg6c-v2h6
Published: Feb 20, 2021
Updated: May 9, 2024
Exploit:

Description

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.

CVE-2020-12668

Description