You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to dependency file: atlasdb/atlasdb-console/build.gradle
Path to vulnerable library: /tmp/ws-ua_20200721203135_LZXOVU/downloadResource_NZFWTT/20200721204717/groovy-all-2.4.4.jar,20200721203135_LZXOVU/downloadResource_NZFWTT/20200721204717/groovy-all-2.4.4.jar
Path to dependency file: atlasdb/atlasdb-console-distribution/build.gradle
Path to vulnerable library: canner/.gradle/caches/modules-2/files-2.1/org.codehaus.groovy/groovy/2.4.4/62dc4f50804c40f3233977e2d3d1a4abca60bc41/groovy-2.4.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.groovy/groovy/2.4.4/62dc4f50804c40f3233977e2d3d1a4abca60bc41/groovy-2.4.4.jar
Dependency Hierarchy:
❌ groovy-2.4.4.jar (Vulnerable Library)
Vulnerability Details
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
CVE-2020-17521 - Medium Severity Vulnerability
Vulnerable Libraries - groovy-all-2.4.4.jar, groovy-2.4.4.jar
groovy-all-2.4.4.jar
Groovy: A powerful, dynamic language for the JVM
Library home page: http://groovy-lang.org
Path to dependency file: atlasdb/atlasdb-console/build.gradle
Path to vulnerable library: /tmp/ws-ua_20200721203135_LZXOVU/downloadResource_NZFWTT/20200721204717/groovy-all-2.4.4.jar,20200721203135_LZXOVU/downloadResource_NZFWTT/20200721204717/groovy-all-2.4.4.jar
Dependency Hierarchy:
groovy-2.4.4.jar
Groovy: A powerful, dynamic language for the JVM
Library home page: http://groovy-lang.org
Path to dependency file: atlasdb/atlasdb-console-distribution/build.gradle
Path to vulnerable library: canner/.gradle/caches/modules-2/files-2.1/org.codehaus.groovy/groovy/2.4.4/62dc4f50804c40f3233977e2d3d1a4abca60bc41/groovy-2.4.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.groovy/groovy/2.4.4/62dc4f50804c40f3233977e2d3d1a4abca60bc41/groovy-2.4.4.jar
Dependency Hierarchy:
Vulnerability Details
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
Publish Date: 2020-12-07
URL: CVE-2020-17521
CVSS 3 Score Details (5.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://issues.apache.org/jira/browse/GROOVY-9824
Release Date: 2020-12-07
Fix Resolution: org.codehaus.groovy:groovy-all:2.4.21,2.5.14,3.0.7
The text was updated successfully, but these errors were encountered: