CVE-2020-12668 – Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects …

Vuln ID: CVE-2020-12668

Published:  2021-02-19  23:15:12Z

Description: Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.

Source: NVD.NIST.GOV