CVE-2020-24621: Path Traversal

September 25, 2020 (updated October 5, 2020)

A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed.

References

issues.openmrs.org/browse/HTML-730
nvd.nist.gov/vuln/detail/CVE-2020-24621

Detect and mitigate CVE-2020-24621 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →