Vulnerable Library - kork-artifacts-7.126.0.jar
Path to dependency file: /front50-redis/front50-redis.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.hubspot.jinjava/jinjava/2.5.2/cf1003580736161bb882817df0bc225d2d9cd2b8/jinjava-2.5.2.jar
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2020-12668
### Vulnerable Library - jinjava-2.5.2.jar
Jinja templating engine implemented in Java
Library home page: https://github.com/HubSpot/jinjava
Path to dependency file: /front50-sql/front50-sql.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.hubspot.jinjava/jinjava/2.5.2/cf1003580736161bb882817df0bc225d2d9cd2b8/jinjava-2.5.2.jar
Dependency Hierarchy:
- kork-artifacts-7.126.0.jar (Root Library)
  - :x: **jinjava-2.5.2.jar** (Vulnerable Library)
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability Details
Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.
Publish Date: 2021-02-19
URL: CVE-2020-12668
### Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.1%
### CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None
### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12668
Release Date: 2021-02-19
Fix Resolution (com.hubspot.jinjava:jinjava): 2.5.4
Direct dependency fix Resolution (io.spinnaker.kork:kork-artifacts): 7.214.0
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.