Description

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.

Remediation

References

http://db.apache.org/derby/releases/release-10.6.2.1.html#Note+for+DERBY-2925

http://www.securityfocus.com/bid/101562

https://issues.apache.org/jira/browse/DERBY-2925

Related Vulnerabilities

CVE-2023-0481 Vulnerability in maven package io.quarkus.resteasy.reactive:resteasy-reactive-common

CVE-2023-35110 Vulnerability in maven package de.grobmeier.json:jjson

CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-keycloak-authorization

CVE-2018-20059 Vulnerability in maven package ro.pippo:pippo-jaxb

CVE-2021-23383 Vulnerability in maven package org.webjars.npm:handlebars

Severity

High

Classification

CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Issue Tracking Patch Vendor Advisory Release Notes