{"id":"CVE-2020-6754","details":"dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application).","modified":"2026-04-11T13:53:22.159989Z","published":"2020-02-05T17:15:10.537Z","references":[{"type":"EVIDENCE","url":"https://github.com/dotCMS/core/issues/17796"},{"type":"EVIDENCE","url":"https://dotcms.com/security/SI-54"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dotcms/core","events":[{"introduced":"0"},{"fixed":"155eca8cfe7e67fa92cf5d0a132245b689702c2e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.2.4"}]}}],"versions":["3.0","3.5","3.5_Preview01","3.5_Preview02","3.6.0","5.2.0","5.2.1","pre3.5buildrevert"],"database_specific":{"vanir_signatures_modified":"2026-04-11T13:53:22Z","vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"file":"dotCMS/src/main/java/com/dotmarketing/portlets/contentlet/business/HostAPIImpl.java"},"digest":{"line_hashes":["212782313452063913193578797663456291622","92600049029349482001306405533256245985","135756894813603437535814674671407583068","101189251698574058280810611240740138777","297164111336928037556873467862149061788","241429662320713779636975703922712469110","278149354703171285244562976940295763006","226298034287598230884748682406665662303","205274804033709825768539149495175164460","258242024970674548201987921529157739894","65387989931371672711519902159247668504","129179317608015344954522656709245534184"],"threshold":0.9},"source":"https://github.com/dotcms/core/commit/155eca8cfe7e67fa92cf5d0a132245b689702c2e","id":"CVE-2020-6754-4190466c","signature_type":"Line"},{"signature_version":"v1","deprecated":false,"target":{"file":"dotCMS/src/main/java/com/dotmarketing/portlets/contentlet/business/HostAPIImpl.java","function":"resolveHostName"},"digest":{"function_hash":"80287980246394692374369540247165709685","length":527},"source":"https://github.com/dotcms/core/commit/155eca8cfe7e67fa92cf5d0a132245b689702c2e","id":"CVE-2020-6754-46c9205b","signature_type":"Function"},{"signature_version":"v1","deprecated":false,"target":{"file":"dotCMS/src/integration-test/java/com/dotmarketing/portlets/contentlet/business/HostAPITest.java"},"digest":{"line_hashes":["87511054661411499830282760739711177365","70377559537387601527370175728731477612","15706718899924507892123850202955075348","194668899062072866889254087771497566583","118193031551879604056336466241489469969","63842192234830643330814048624695000949","136309341826815609001954834767981236966"],"threshold":0.9},"source":"https://github.com/dotcms/core/commit/155eca8cfe7e67fa92cf5d0a132245b689702c2e","id":"CVE-2020-6754-72c7ba5c","signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-6754.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}