First published: Thu Sep 09 2021
Eclipse Keti is a service designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti, a user who is able to create Policy Sets can run arbitrary code by submitting malicious Groovy scripts that escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Eclipse Keti | | |
CVE-2021-32834 is a vulnerability in Eclipse Keti that allows a user to run arbitrary code by sending malicious Groovy scripts.
CVE-2021-32834 affects Eclipse Keti by allowing a user to escape the configured Groovy sandbox and run arbitrary code.
CVE-2021-32834 has a critical severity rating with a score of 9.9.
Attribute Based Access Control (ABAC) is a security model that determines access to resources based on attributes assigned to users and resources.
To fix CVE-2021-32834, update Eclipse Keti to a version that includes a patch for the vulnerability.