CVE-2021-22118

Published: May 27, 2021
Source: debian
EPSS: Low

Description

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libspring-java | not-affected | | | package |

Notes

  • https://tanzu.vmware.com/security/cve-2021-22118

  • https://github.com/spring-projects/spring-framework/issues/26931

  • https://github.com/spring-projects/spring-framework/commit/cce60c479c22101f24b2b4abebb6d79440b120d1

EPSS

Percentile: 49%
0.00253
Low

Related vulnerabilities

CVSS3: 7.8
ubuntu
about 4 years ago

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

CVSS3: 7.1
redhat
about 4 years ago

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

CVSS3: 7.8
nvd
about 4 years ago

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

CVSS3: 7.8
github
about 3 years ago

Improper Privilege Management in Spring Framework

CVSS3: 7.8
fstec
about 4 years ago

Vulnerability in the Spring Framework software platform, caused by privilege management errors, allowing an attacker to read and overwrite arbitrary files