Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-22118

UNKNOWN
Published 2021-05-27T14:48:16
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-22118. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Improper Privilege Management in Spring Framework

GHSA-gfwj-fwqj-fp3v

Advisory Details

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Affected Packages

Maven org.springframework:spring-web
ECOSYSTEM: ≥5.2.0 <5.2.15
Maven org.springframework:spring-web
ECOSYSTEM: ≥5.3.0 <5.3.7

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-22118
WEB https://github.com/spring-projects/spring-framework/issues/26931
WEB https://github.com/spring-projects/spring-framework/commit/0d0d75e25322d8161002d861fff3ec04ba8be5ac
WEB https://github.com/spring-projects/spring-framework/commit/cce60c479c22101f24b2b4abebb6d79440b120d1
PACKAGE https://github.com/spring-projects/spring-framework
WEB https://security.netapp.com/advisory/ntap-20210713-0005
WEB https://spring.io/security/cve-2021-22118
WEB https://tanzu.vmware.com/security/cve-2021-22118
WEB https://www.oracle.com//security-alerts/cpujul2021.html
WEB https://www.oracle.com/security-alerts/cpuapr2022.html
WEB https://www.oracle.com/security-alerts/cpujan2022.html
WEB https://www.oracle.com/security-alerts/cpujul2022.html
WEB https://www.oracle.com/security-alerts/cpuoct2021.html

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: July 19, 2023

References

https://tanzu.vmware.com/security/cve-2021-22118
https://www.oracle.com//security-alerts/cpujul2021.html
https://security.netapp.com/advisory/ntap-20210713-0005/
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
Published: 2021-05-27T14:48:16
Last Modified: 2024-08-03T18:30:23.944Z
Copied to clipboard!