Home > Vulnerability Database > CVE-2020-17521

Mend.io Vulnerability Database

CVE-2020-17521

Good to know:

Date: December 7, 2020

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.

Language: GROOVY

Severity Score

5.5

Related Resources (22)

Url: https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E

Url: https://www.oracle.com/security-alerts/cpuApr2021.html

Url: https://access.redhat.com/security/cve/CVE-2020-17521

Url: https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-17521

Url: https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3@%3Cdev.atlas.apache.org%3E

Url: https://security.netapp.com/advisory/ntap-20201218-0006/

Url: https://www.oracle.com/security-alerts/cpujan2021.html

Url: https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E

Url: https://www.oracle.com/security-alerts/cpujan2022.html

Url: https://github.com/apache/groovy

Url: https://groovy-lang.org/security.html#CVE-2020-17521

Url: https://github.com/apache/groovy/commit/bcbe5c4c76db83736166530647c024ac1e47ef28

Url: https://github.com/apache/groovy/pull/1425

Url: https://security.netapp.com/advisory/ntap-20201218-0006

Url: https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08@%3Cdev.atlas.apache.org%3E

Url: https://www.oracle.com/security-alerts/cpuapr2022.html

Url: https://www.oracle.com//security-alerts/cpujul2021.html

Url: https://www.oracle.com/security-alerts/cpujul2022.html

Url: https://www.oracle.com/security-alerts/cpuoct2021.html

Url: https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E

Url: https://www.mend.io/vulnerability-database/CVE-2020-17521

Severity Score

5.5

Weakness Type (CWE)

Creation of Temporary File in Directory with Insecure Permissions

CWE-379

Top Fix

Upgrade Version

Upgrade to version org.codehaus.groovy:groovy-all:2.4.21,2.5.14,3.0.7

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-17521

Good to know:

Date: December 7, 2020

Language: GROOVY

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?