Vulnerability Database

CVE-2020-17521

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 2.1
  • Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

Software | From | Fixed in
apache / groovy | 4.0.0-alpha1 | 4.0.0-alpha1.x
apache / groovy | 3.0.0 | 3.0.6.x
apache / groovy | 2.5.0 | 2.5.13.x
apache / groovy | 2.0.0 | 2.4.20.x
oracle / primavera_unifier | 16.2 | 16.2.x
oracle / primavera_unifier | 16.1 | 16.1.x
oracle / ilearning | 6.2 | 6.2.x
oracle / business_process_management_suite | 12.2.1.3.0 | 12.2.1.3.0.x
oracle / primavera_unifier | 18.8 | 18.8.x
oracle / primavera_unifier | 17.7 | 17.12.x
oracle / agile_plm | 9.3.3 | 9.3.3.x
oracle / agile_plm | 9.3.6 | 9.3.6.x
oracle / primavera_unifier | 19.12 | 19.12.x
oracle / retail_bulk_data_integration | 15.0.3.0 | 15.0.3.0.x
oracle / retail_bulk_data_integration | 16.0.3.0 | 16.0.3.0.x
oracle / communications_services_gatekeeper | 7.0 | 7.0.x
oracle / retail_merchandising_system | 16.0.3 | 16.0.3.x
oracle / communications_evolved_communications_application_server | 7.1 | 7.1.x
oracle / primavera_unifier | 20.12 | 20.12.x
oracle / business_process_management_suite | 12.2.1.4.0 | 12.2.1.4.0.x
oracle / communications_services_gatekeeper | 6.0 | 6.0.x
oracle / communications_services_gatekeeper | 6.1 | 6.1.x
oracle / hospitality_opera_5 | 5.6 | 5.6.x
oracle / insurance_policy_administration | 11.0 | 11.3.1.x
oracle / communications_brm_-_elastic_charging_engine | 12.0.0.3 | 12.0.0.3.x
oracle / retail_store_inventory_management | 15.0.3.5 | 15.0.3.5.x
oracle / retail_store_inventory_management | 16.0.3.5 | 16.0.3.5.x
oracle / retail_store_inventory_management | 14.1.3.10 | 14.1.3.10.x
oracle / ilearning | 6.3 | 6.3.x
oracle / communications_brm_-_elastic_charging_engine | 11.3.0.9.0 | 11.3.0.9.0.x
oracle / primavera_gateway | 17.12.0 | 17.12.10.x
oracle / jd_edwards_enterpriseone_orchestrator | 9.2.6.0 | 9.2.6.0.x
oracle / healthcare_data_repository | 7.0.2 | 7.0.2.x
oracle / agile_plm_mcad_connector | 3.4 | 3.4.x
oracle / agile_plm_mcad_connector | 3.6 | 3.6.x
oracle / communications_diameter_signaling_router | 8.4.0.0 | 8.4.0.0.x
apache / atlas | 2.1.0 | 2.1.0.x
org.codehaus.groovy / groovy | 2.0.0 | 2.4.21
org.codehaus.groovy / groovy | 2.5.0 | 2.5.14
org.codehaus.groovy / groovy | 3.0.0 | 3.0.7
oracle / agile_engineering_data_management | 6.2.1.0 | 6.2.1.0.x