Description
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details.
Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1.
Fixed in versions: 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
References (12)
Core References
Third Party Advisory x_refsource_confirm
https://groovy-lang.org/security.html#CVE-2020-17521
Mailing List mailing-list x_refsource_mlist
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2021.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20201218-0006/
Mailing List mailing-list x_refsource_mlist
https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E
Mailing List mailing-list x_refsource_mlist
https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com//security-alerts/cpujul2021.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2022.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Scores
CVSS v3: 5.5
EPSS: 0.0236
EPSS Percentile: 85.1%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
Status: published
Products (39)
apache/atlas 2.1.0
apache/groovy 4.0.0 alpha1
apache/groovy 2.0.0 - 2.4.20
netapp/snapcenter
oracle/agile_engineering_data_management 6.2.1.0
oracle/agile_plm 9.3.3
oracle/agile_plm 9.3.6
oracle/agile_plm_mcad_connector 3.4
oracle/agile_plm_mcad_connector 3.6
oracle/business_process_management_suite 12.2.1.3.0
... and 29 more
Published: Dec 07, 2020
Tracked Since: Feb 18, 2026