What is CVE-2020-11975?

CVE-2020-11975 is a vulnerability in Apache Unomi. Published 2020-06-05.

Is CVE-2020-11975 known to be exploited?

15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Unomi

CVE-2020-11975

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.

EPSS: 0.839 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a Apache Unomi — versions Apache Unomi 1.0.0 to 1.5.0

Public proof-of-concept exploits

References

unomi.apache.org/security/cve-2020-11975.txt (x_refsource_MISC)
[unomi-commits] 20201113 svn commit: r1883398 - in /unomi/website: contribute-release-guide.html documentation.html download.html index.html security/cve-2020-13942.txt (mailing-list, x_refsource_MLIST)
[unomi-commits] 20210428 svn commit: r1889256 - in /unomi/website: contribute-release-guide.html documentation.html download.html index.html security/cve-2021-31164.txt (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2020-11975?: CVE-2020-11975 is a vulnerability in Apache Unomi. Published 2020-06-05.
Is CVE-2020-11975 known to be exploited?: 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.