In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
References
Link | Resource |
---|---|
https://security.netapp.com/advisory/ntap-20210713-0005/ | Third Party Advisory |
https://tanzu.vmware.com/security/cve-2021-22118 | Third Party Advisory |
https://www.oracle.com//security-alerts/cpujul2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2021.html | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2021-05-27T14:48:16
Updated: 2022-07-25T16:24:54
Reserved: 2021-01-04T00:00:00
Link: CVE-2021-22118
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-27T15:15:07.437
Modified: 2022-10-25T20:57:05.947
Link: CVE-2021-22118
JSON object: View
Redhat Information
No data.