Description

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer

Remediation

References

https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85

Related Vulnerabilities

CVE-2023-49371 Vulnerability in maven package com.ruoyi:ruoyi

CVE-2013-4378 Vulnerability in maven package net.bull.javamelody:javamelody-core

CVE-2021-21162 Vulnerability in maven package org.webjars.npm:electron

CVE-2022-0084 Vulnerability in maven package org.jboss.xnio:xnio-api

CVE-2020-26299 Vulnerability in npm package ftp-srv

Severity

High

Classification

CWE-668 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Patch Third Party Advisory