CVE-2020-11975: Improper Input Validation

June 5, 2020 (updated July 21, 2021)

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.

References

unomi.apache.org/security/cve-2020-11975.txt
nvd.nist.gov/vuln/detail/CVE-2020-11975

Code Behaviors & Features

Detect and mitigate CVE-2020-11975 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →