LycsHub

2 exploits Active since Jan 2019

CVE-2020-5245 NOMISEC HIGH WORKING POC

Dropwizard Validation < 1.3.19 - Injection

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.

CVSS 7.9

View Code

CVE-2018-18893 NOMISEC MEDIUM WORKING POC

Jinjava <2.4.6 - Info Disclosure

Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java.

CVSS 5.3

View Code