Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2023-2368
Vulnerability from csaf_certbund
Published
2023-09-14 22:00
Modified
2024-01-07 23:00
Summary
IBM Operational Decision Manager: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Operational Decision Manager ist Software für die Integration von Geschäftsereignissen und Geschäftsregeln, um Entscheidungen über verschiedene Prozesse und Anwendungen hinweg zu automatisieren.
Angriff
Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in IBM Operational Decision Manager ausnutzen, um Sicherheitsmaßnahmen zu umgehen, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM Operational Decision Manager ist Software für die Integration von Geschäftsereignissen und Geschäftsregeln, um Entscheidungen über verschiedene Prozesse und Anwendungen hinweg zu automatisieren.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in IBM Operational Decision Manager ausnutzen, um Sicherheitsmaßnahmen zu umgehen, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2368 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2368.json", }, { category: "self", summary: "WID-SEC-2023-2368 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2368", }, { category: "external", summary: "IBM Security Bulletin - 7032928 vom 2023-09-14", url: "https://www.ibm.com/support/pages/node/7032928", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:6138 vom 2023-10-26", url: "https://access.redhat.com/errata/RHSA-2023:6138", }, { category: "external", summary: "IBM Security Bulletin 7105614 vom 2024-01-08", url: "https://www.ibm.com/support/pages/node/7105614", }, ], source_lang: "en-US", title: "IBM Operational Decision Manager: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-07T23:00:00.000+00:00", generator: { date: "2024-08-15T17:58:31.143+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2368", initial_release_date: "2023-09-14T22:00:00.000+00:00", revision_history: [ { date: "2023-09-14T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-10-26T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-01-07T23:00:00.000+00:00", number: "3", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "IBM Operational Decision Manager < 8.10.5.1", product: { name: "IBM Operational Decision Manager < 8.10.5.1", product_id: "T029909", product_identification_helper: { cpe: "cpe:/a:ibm:operational_decision_manager:8.10.5.1", }, }, }, { category: "product_name", name: "IBM Operational Decision Manager < 8.11.0.1", product: { name: "IBM Operational Decision Manager < 8.11.0.1", product_id: "T029910", product_identification_helper: { cpe: "cpe:/a:ibm:operational_decision_manager:8.11.0.1", }, }, }, { category: "product_name", name: "IBM Operational Decision Manager < 8.11.1", product: { name: "IBM Operational Decision Manager < 8.11.1", product_id: "T029911", product_identification_helper: { cpe: "cpe:/a:ibm:operational_decision_manager:8.11.1", }, }, }, { category: "product_name", name: "IBM Operational Decision Manager < 8.12.0", product: { name: "IBM Operational Decision Manager < 8.12.0", product_id: "T029912", product_identification_helper: { cpe: "cpe:/a:ibm:operational_decision_manager:8.12.0", }, }, }, { category: "product_name", name: "IBM Operational Decision Manager 8.10.5.1 < IF049", product: { name: "IBM Operational Decision Manager 8.10.5.1 < IF049", product_id: "T031894", product_identification_helper: { cpe: "cpe:/a:ibm:operational_decision_manager:8.10.5.1__if049", }, }, }, ], category: "product_name", name: "Operational Decision Manager", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2047", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der HttpURI-Klasse der Eclipse Jetty-Komponente. Durch das Senden einer speziell gestalteten Anfrage kann ein Angreifer diese Schwachstelle ausnutzen, um die Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T031894", "67646", ], }, release_date: "2023-09-14T22:00:00.000+00:00", title: "CVE-2022-2047", }, { cve: "CVE-2014-0107", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Apache Xalan-Java-Komponente aufgrund einer unsachgemäßen Behandlung von Ausgabeeigenschaften. Ein entfernter Angreifer kann diese Schwachstelle zur Umgehung von Sicherheitsmaßnahmen ausnutzen.", }, ], product_status: { known_affected: [ "T031894", "67646", ], }, release_date: "2023-09-14T22:00:00.000+00:00", title: "CVE-2014-0107", }, { cve: "CVE-2022-25881", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht im Node.js http-cache-semantics-Modul aufgrund eines Denial of Service (ReDoS) durch reguläre Ausdrücke. Durch das Senden einer speziell gestalteten Regex-Eingabe unter Verwendung von Request-Header-Werten kann ein entfernter Angreifer diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T031894", "67646", ], }, release_date: "2023-09-14T22:00:00.000+00:00", title: "CVE-2022-25881", }, { cve: "CVE-2022-34169", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Apache Xalan Java XSLT Bibliothekskomponente aufgrund eines Integer Truncation Problems bei der Verarbeitung von bösartigen XSLT Stylesheets. Ein entfernter Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen", }, ], product_status: { known_affected: [ "T031894", "67646", ], }, release_date: "2023-09-14T22:00:00.000+00:00", title: "CVE-2022-34169", }, { cve: "CVE-2022-41946", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Postgresql JDBC-Komponente aufgrund eines nicht eingeschränkten Zugriffs zum Erstellen lesbarer Dateien im TemporaryFolder. Durch das Senden einer speziell gestalteten Anfrage kann ein Angreifer diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T031894", "67646", ], }, release_date: "2023-09-14T22:00:00.000+00:00", title: "CVE-2022-41946", }, { cve: "CVE-2023-34034", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Komponente VMware Tanzu Spring Security aufgrund einer unsachgemäßen Validierung von Benutzereingaben. Mit einer speziell gestalteten Konfiguration kann ein Angreifer diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T031894", "67646", ], }, release_date: "2023-09-14T22:00:00.000+00:00", title: "CVE-2023-34034", }, { cve: "CVE-2023-37460", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Komponente Plexus Archiver aufgrund der Verfolgung eines symbolischen Links in der Funktion resolveFile(). Durch Extrahieren einer speziell gestalteten Archivdatei, die einen symbolischen Link enthält, mit AbstractUnArchiver kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuführen.", }, ], product_status: { known_affected: [ "T031894", "67646", ], }, release_date: "2023-09-14T22:00:00.000+00:00", title: "CVE-2023-37460", }, ], }
cve-2014-0107
Vulnerability from cvelistv5
Published
2014-04-15 17:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:05:38.816Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201604-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201604-02", }, { name: "59291", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59291", }, { name: "59290", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59290", }, { name: "RHSA-2015:1888", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1888.html", }, { name: "59151", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59151", }, { name: "59247", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59247", }, { name: "59515", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59515", }, { name: "DSA-2886", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2014/dsa-2886", }, { name: "60502", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60502", }, { name: "59369", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59369", }, { name: "59711", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59711", }, { name: "57563", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/57563", }, { name: "66397", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/66397", }, { name: "1034711", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034711", }, { name: "1034716", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034716", }, { name: "RHSA-2014:1351", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1351.html", }, { name: "RHSA-2014:0348", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0348.html", }, { name: "59036", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59036", }, { name: "apache-xalanjava-cve20140107-sec-bypass(92023)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/92023", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.apache.org/jira/browse/XALANJ-2435", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676093", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21677967", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2018-15", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677145", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21681933", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674334", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ocert.org/advisories/ocert-2014-002.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1581058", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21680703", }, { name: "[tomcat-dev] 20210823 [Bug 65516] New: upgrade to xalan 2.7.2 to address CVE-2014-0107", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0c00afcab8f238562e27b3ae7b8af1913c62bc60838fb8b34c19e26b%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20210823 [Bug 65516] upgrade to xalan 2.7.2 to address CVE-2014-0107", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2900489bc665a2e32d021bb21f6ce2cb8e6bb5973490eebb9a346bca%40%3Cdev.tomcat.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-03-24T00:00:00", descriptions: [ { lang: "en", value: "The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-20T10:37:44", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "GLSA-201604-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201604-02", }, { name: "59291", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59291", }, { name: "59290", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59290", }, { name: "RHSA-2015:1888", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1888.html", }, { name: "59151", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59151", }, { name: "59247", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59247", }, { name: "59515", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59515", }, { name: "DSA-2886", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2014/dsa-2886", }, { name: "60502", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60502", }, { name: "59369", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59369", }, { name: "59711", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59711", }, { name: "57563", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/57563", }, { name: "66397", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/66397", }, { name: "1034711", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034711", }, { name: "1034716", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034716", }, { name: "RHSA-2014:1351", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1351.html", }, { name: "RHSA-2014:0348", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0348.html", }, { name: "59036", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59036", }, { name: "apache-xalanjava-cve20140107-sec-bypass(92023)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/92023", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.apache.org/jira/browse/XALANJ-2435", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676093", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21677967", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2018-15", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677145", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21681933", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674334", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ocert.org/advisories/ocert-2014-002.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1581058", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21680703", }, { name: "[tomcat-dev] 20210823 [Bug 65516] New: upgrade to xalan 2.7.2 to address CVE-2014-0107", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0c00afcab8f238562e27b3ae7b8af1913c62bc60838fb8b34c19e26b%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20210823 [Bug 65516] upgrade to xalan 2.7.2 to address CVE-2014-0107", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2900489bc665a2e32d021bb21f6ce2cb8e6bb5973490eebb9a346bca%40%3Cdev.tomcat.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2014-0107", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201604-02", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201604-02", }, { name: "59291", refsource: "SECUNIA", url: "http://secunia.com/advisories/59291", }, { name: "59290", refsource: "SECUNIA", url: "http://secunia.com/advisories/59290", }, { name: "RHSA-2015:1888", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-1888.html", }, { name: "59151", refsource: "SECUNIA", url: "http://secunia.com/advisories/59151", }, { name: "59247", refsource: "SECUNIA", url: "http://secunia.com/advisories/59247", }, { name: "59515", refsource: "SECUNIA", url: "http://secunia.com/advisories/59515", }, { name: "DSA-2886", refsource: "DEBIAN", url: "http://www.debian.org/security/2014/dsa-2886", }, { name: "60502", refsource: "SECUNIA", url: "http://secunia.com/advisories/60502", }, { name: "59369", refsource: "SECUNIA", url: "http://secunia.com/advisories/59369", }, { name: "59711", refsource: "SECUNIA", url: "http://secunia.com/advisories/59711", }, { name: "57563", refsource: "SECUNIA", url: "http://secunia.com/advisories/57563", }, { name: "66397", refsource: "BID", url: "http://www.securityfocus.com/bid/66397", }, { name: "1034711", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034711", }, { name: "1034716", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034716", }, { name: "RHSA-2014:1351", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1351.html", }, { name: "RHSA-2014:0348", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0348.html", }, { name: "59036", refsource: "SECUNIA", url: "http://secunia.com/advisories/59036", }, { name: "apache-xalanjava-cve20140107-sec-bypass(92023)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/92023", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://issues.apache.org/jira/browse/XALANJ-2435", refsource: "CONFIRM", url: "https://issues.apache.org/jira/browse/XALANJ-2435", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21676093", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676093", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg21677967", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21677967", }, { name: "https://www.tenable.com/security/tns-2018-15", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2018-15", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21677145", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677145", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21681933", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21681933", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21674334", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674334", }, { name: "http://www.ocert.org/advisories/ocert-2014-002.html", refsource: "MISC", url: "http://www.ocert.org/advisories/ocert-2014-002.html", }, { name: "http://svn.apache.org/viewvc?view=revision&revision=1581058", refsource: "CONFIRM", url: "http://svn.apache.org/viewvc?view=revision&revision=1581058", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21680703", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21680703", }, { name: "[tomcat-dev] 20210823 [Bug 65516] New: upgrade to xalan 2.7.2 to address CVE-2014-0107", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0c00afcab8f238562e27b3ae7b8af1913c62bc60838fb8b34c19e26b@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20210823 [Bug 65516] upgrade to xalan 2.7.2 to address CVE-2014-0107", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2900489bc665a2e32d021bb21f6ce2cb8e6bb5973490eebb9a346bca@%3Cdev.tomcat.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-0107", datePublished: "2014-04-15T17:00:00", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T09:05:38.816Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2047
Vulnerability from cvelistv5
Published
2022-07-07 20:45
Modified
2024-08-03 00:24
Severity ?
EPSS score ?
Summary
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q | x_refsource_CONFIRM | |
| https://www.debian.org/security/2022/dsa-5198 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20220901-0006/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Eclipse Foundation | Eclipse Jetty |
Version: 9.4.0 < unspecified Version: unspecified < Version: 10.0.0 < unspecified Version: unspecified < Version: 11.0.0 < unspecified Version: unspecified < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:24:44.138Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", }, { name: "DSA-5198", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5198", }, { name: "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220901-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Eclipse Jetty", vendor: "The Eclipse Foundation", versions: [ { lessThan: "unspecified", status: "affected", version: "9.4.0", versionType: "custom", }, { lessThanOrEqual: "9.4.46", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "10.0.0", versionType: "custom", }, { lessThanOrEqual: "10.0.9", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "11.0.0", versionType: "custom", }, { lessThanOrEqual: "11.0.9", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-01T13:06:30", orgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", shortName: "eclipse", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", }, { name: "DSA-5198", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5198", }, { name: "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220901-0006/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@eclipse.org", ID: "CVE-2022-2047", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Eclipse Jetty", version: { version_data: [ { version_affected: ">=", version_value: "9.4.0", }, { version_affected: "<=", version_value: "9.4.46", }, { version_affected: ">=", version_value: "10.0.0", }, { version_affected: "<=", version_value: "10.0.9", }, { version_affected: ">=", version_value: "11.0.0", }, { version_affected: "<=", version_value: "11.0.9", }, ], }, }, ], }, vendor_name: "The Eclipse Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.", }, ], }, impact: { cvss: { vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", refsource: "CONFIRM", url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", }, { name: "DSA-5198", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5198", }, { name: "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html", }, { name: "https://security.netapp.com/advisory/ntap-20220901-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220901-0006/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", assignerShortName: "eclipse", cveId: "CVE-2022-2047", datePublished: "2022-07-07T20:45:12", dateReserved: "2022-06-09T00:00:00", dateUpdated: "2024-08-03T00:24:44.138Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34034
Vulnerability from cvelistv5
Published
2023-07-19 14:16
Modified
2024-10-28 14:40
Severity ?
EPSS score ?
Summary
Using "**" as a pattern in Spring Security configuration
for WebFlux creates a mismatch in pattern matching between Spring
Security and Spring WebFlux, and the potential for a security bypass.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Security |
Version: Spring Security 6.1.0 Version: Spring Security 6.0.0 Version: Spring Security 5.8.0 Version: Spring Security 5.7.0 Version: Spring Security 5.6.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:54:14.118Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://spring.io/security/cve-2023-34034", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230814-0008/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-34034", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-28T14:34:24.503021Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-281", description: "CWE-281 Improper Preservation of Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T14:40:32.304Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Spring Security", vendor: "n/a", versions: [ { lessThanOrEqual: "6.1.1", status: "affected", version: "Spring Security 6.1.0", versionType: " ", }, { lessThanOrEqual: "6.0.4", status: "affected", version: "Spring Security 6.0.0 ", versionType: " ", }, { lessThanOrEqual: "5.8.4", status: "affected", version: "Spring Security 5.8.0", versionType: " ", }, { lessThanOrEqual: "5.7.9 ", status: "affected", version: "Spring Security 5.7.0 ", versionType: " ", }, { lessThanOrEqual: "5.6.11", status: "affected", version: "Spring Security 5.6.0", versionType: " ", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\nUsing <code>\"**\"</code> as a pattern in Spring Security configuration \nfor WebFlux creates a mismatch in pattern matching between Spring \nSecurity and Spring WebFlux, and the potential for a security bypass.\n\n", }, ], value: "Using \"**\" as a pattern in Spring Security configuration \nfor WebFlux creates a mismatch in pattern matching between Spring \nSecurity and Spring WebFlux, and the potential for a security bypass.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "potential for a security bypass", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-19T14:16:12.150Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://spring.io/security/cve-2023-34034", }, { url: "https://security.netapp.com/advisory/ntap-20230814-0008/", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2023-34034", datePublished: "2023-07-19T14:16:12.150Z", dateReserved: "2023-05-25T17:21:56.199Z", dateUpdated: "2024-10-28T14:40:32.304Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41946
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:56:38.648Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h", }, { tags: [ "x_transferred", ], url: "https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5", }, { name: "[debian-lts-announce] 20221202 [SECURITY] [DLA 3218-1] libpgjava security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00003.html", }, { name: "FEDORA-2023-42d6ba9bd6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25TY2L3RMVNOC7VAHJEAO7PTT6M6JJAD/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240329-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "pgjdbc", vendor: "pgjdbc", versions: [ { status: "affected", version: ">= 42.2.0, < 42.2.27", }, { status: "affected", version: "> 42.3.0, < 42.3.8", }, { status: "affected", version: ">= 42.4.0, < 42.4.3", }, { status: "affected", version: ">= 42.5.0, < 42.5.1", }, ], }, ], descriptions: [ { lang: "en", value: "pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-377", description: "CWE-377: Insecure Temporary File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-29T13:06:09.090943", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h", }, { url: "https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5", }, { name: "[debian-lts-announce] 20221202 [SECURITY] [DLA 3218-1] libpgjava security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00003.html", }, { name: "FEDORA-2023-42d6ba9bd6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25TY2L3RMVNOC7VAHJEAO7PTT6M6JJAD/", }, { url: "https://security.netapp.com/advisory/ntap-20240329-0003/", }, ], source: { advisory: "GHSA-562r-vg33-8x8h", discovery: "UNKNOWN", }, title: "TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-41946", datePublished: "2022-11-23T00:00:00", dateReserved: "2022-09-30T00:00:00", dateUpdated: "2024-08-03T12:56:38.648Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-25881
Vulnerability from cvelistv5
Published
2023-01-31 05:00
Modified
2025-03-27 17:16
Severity ?
EPSS score ?
Summary
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | http-cache-semantics |
Version: 0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:49:44.438Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783", }, { tags: [ "x_transferred", ], url: "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332", }, { tags: [ "x_transferred", ], url: "https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230622-0008/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-25881", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-27T17:16:22.393784Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "CWE-1333 Inefficient Regular Expression Complexity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T17:16:32.835Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "http-cache-semantics", vendor: "n/a", versions: [ { lessThan: "4.1.1", status: "affected", version: "0", versionType: "semver", }, ], }, { product: "org.webjars.npm:http-cache-semantics", vendor: "n/a", versions: [ { lessThan: "4.1.1", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", value: "Carter Snook", }, ], descriptions: [ { lang: "en", value: "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "Regular Expression Denial of Service (ReDoS)", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-22T14:06:15.662Z", orgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", shortName: "snyk", }, references: [ { url: "https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783", }, { url: "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332", }, { url: "https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83", }, { url: "https://security.netapp.com/advisory/ntap-20230622-0008/", }, ], }, }, cveMetadata: { assignerOrgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", assignerShortName: "snyk", cveId: "CVE-2022-25881", datePublished: "2023-01-31T05:00:01.220Z", dateReserved: "2022-02-24T11:58:26.944Z", dateUpdated: "2025-03-27T17:16:32.835Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-34169
Vulnerability from cvelistv5
Published
2022-07-19 00:00
Modified
2025-02-13 16:32
Severity ?
EPSS score ?
Summary
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Xalan-J |
Version: Xalan-J < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T08:16:17.277Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw", }, { name: "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/5", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/6", }, { name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/2", }, { name: "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/3", }, { name: "DSA-5188", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { name: "DSA-5192", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { name: "FEDORA-2022-19b6f21746", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { name: "FEDORA-2022-ae563934f7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { name: "FEDORA-2022-e573851f56", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { name: "FEDORA-2022-d26586b419", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { name: "FEDORA-2022-80afe2304a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { name: "FEDORA-2022-b76ab52e73", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html", }, { name: "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/10/18/2", }, { name: "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html", }, { name: "DSA-5256", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5256", }, { name: "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/04/8", }, { name: "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/07/2", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-25", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Xalan-J", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.7.2", status: "affected", version: "Xalan-J", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Reported by Felix Wilhelm, Google Project Zero", }, ], descriptions: [ { lang: "en", value: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", }, ], problemTypes: [ { descriptions: [ { description: "integer truncation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:07:47.103Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8", }, { url: "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw", }, { name: "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/5", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/6", }, { name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/2", }, { name: "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/3", }, { name: "DSA-5188", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { name: "DSA-5192", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { name: "FEDORA-2022-19b6f21746", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { name: "FEDORA-2022-ae563934f7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { name: "FEDORA-2022-e573851f56", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { name: "FEDORA-2022-d26586b419", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { name: "FEDORA-2022-80afe2304a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { name: "FEDORA-2022-b76ab52e73", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { url: "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html", }, { name: "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/10/18/2", }, { name: "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html", }, { name: "DSA-5256", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5256", }, { name: "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/04/8", }, { name: "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/07/2", }, { url: "https://security.gentoo.org/glsa/202401-25", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-34169", datePublished: "2022-07-19T00:00:00.000Z", dateReserved: "2022-06-21T00:00:00.000Z", dateUpdated: "2025-02-13T16:32:44.088Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37460
Vulnerability from cvelistv5
Published
2023-07-25 19:41
Modified
2024-10-03 19:09
Severity ?
EPSS score ?
Summary
Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codehaus-plexus | plexus-archiver |
Version: < 4.8.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:16:29.488Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", }, { name: "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2", }, { name: "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:codehaus-plexus:plexus-archiver:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "plexus-archiver", vendor: "codehaus-plexus", versions: [ { lessThan: "4.8.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-37460", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T19:09:14.939906Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-03T19:09:55.667Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "plexus-archiver", vendor: "codehaus-plexus", versions: [ { status: "affected", version: "< 4.8.0", }, ], }, ], descriptions: [ { lang: "en", value: "Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-61", description: "CWE-61: UNIX Symbolic Link (Symlink) Following", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-25T19:41:46.096Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", }, { name: "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2", tags: [ "x_refsource_MISC", ], url: "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2", }, { name: "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0", tags: [ "x_refsource_MISC", ], url: "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0", }, ], source: { advisory: "GHSA-wh3p-fphp-9h2m", discovery: "UNKNOWN", }, title: "Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-37460", datePublished: "2023-07-25T19:41:46.096Z", dateReserved: "2023-07-06T13:01:36.997Z", dateUpdated: "2024-10-03T19:09:55.667Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.