CVE-2022-21126

Опубликовано: 29 нояб. 2022

Источник: nvd

CVSS3: 7.3

CVSS3: 7.8

EPSS Низкий

Описание

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it.

Ссылки

https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772
Patch
Third Party Advisory
https://github.com/samtools/htsjdk/pull/1617
Exploit
Patch
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMGITHUBSAMTOOLS-3149901
Third Party Advisory
https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772
Patch
Third Party Advisory
https://github.com/samtools/htsjdk/pull/1617
Exploit
Patch
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMGITHUBSAMTOOLS-3149901
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:samtools:htsjdk:*:*:*:*:*:*:*:*

Версия до 3.0.1 (исключая)

EPSS

Процентиль: 47%

0.00244

Низкий

7.3 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-668

Связанные уязвимости

CVE-2022-21126

CVSS3: 7.3

ubuntu

около 3 лет назад

GHSA-96vh-4rfp-c42c

CVSS3: 7.8

github

около 3 лет назад

HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere

EPSS

Процентиль: 47%

0.00244

Низкий

7.3 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-668