CVE-2022-27772

Опубликовано: 30 мар. 2022

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer

Ссылки

https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85
Exploit
Patch
Third Party Advisory
https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*

Версия до 2.2.11 (исключая)

EPSS

Процентиль: 74%

0.00826

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-668

Связанные уязвимости

GHSA-cm59-pr5q-cw85