Unrated severity · NVD Advisory · Published Feb 22, 2021 · Updated Sep 17, 2024
CVE-2020-36232
Description
The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services because it incorrectly obtained application base URL information from the executing HTTP request, which could be attacker-controlled.
Affected products
- (no CPE) range: >=4.2.0, <4.2.37 || >=4.3.0, <4.3.14 || >=4.3.2.0, <4.3.2.4 || >=4.4.0, <4.4.12 || >=5.0.0, <5.0.1
- (no CPE) range: unspecified
References
- jira.atlassian.com/browse/JRASERVER-72025 (mitre, x_refsource_MISC)