Incorrect Default Permissions in Apache Commons FileUpload

説明

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

基本情報

タイプ
reviewed
深刻度
low
GitHub 上のアドバイザリ
アドバイザリを開く ↗
リポジトリのアドバイザリ
ソースコード
未指定
公開(アドバイザリ)
2022-05-05 02:48:41 UTC
更新
2023-01-27 05:02:04 UTC
GitHub レビュー済み
2022-07-08 18:59:32 UTC
NVD で公開
2013-03-15

EPSS Score

Score Percentile
0.07% 21.13%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

CWEs

CWE id Name
CWE-276 Incorrect Default Permissions

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
maven commons-fileupload:commons-fileupload >= 1.0, < 1.2.2 1.2.2

References

cvelogic Threat Intelligence