Moderate severityNVD Advisory· Published May 28, 2021· Updated Aug 4, 2024
CVE-2020-1729
CVE-2020-1729
Description
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data confidentiality. This is fixed in SmallRye 1.6.2
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.smallrye.config:smallrye-configMaven | < 1.6.2 | 1.6.2 |
Affected products
2- SmallRye/APIdescription
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-54fx-gm74-q676ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-1729ghsaADVISORY
- bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
- github.com/smallrye/smallrye-config/commit/fb0def6f61c09a2a80c9145e4ec6521225cd0b99ghsaWEB
News mentions
0No linked articles in our index yet.