Oracle PeopleSoft Enterprise PeopleTools 8.57/8.58/8.59 Netty information disclosure

Timeline

User

125
018

Fields

advisory_confirm_url: 1
source_cve_nvd_summary: 1
source_cve_assigned: 1
exploit_price_0day: 1
vulnerability_cvss3_meta_tempscore: 1

Commit Conf

90%: 30
50%: 10
70%: 3

Approve Conf

90%: 30
80%: 10
70%: 3

| ID | Submitted | User | Field | Change | Remark | Accepted | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 11468679 | 2021-07-25 | VulD... | confirm_url | https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 | cve.mitre.org | 2021-07-25 | accepted | 70 |
| 11468678 | 2021-07-25 | VulD... | cve_nvd_summary | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user. | cve.mitre.org | 2021-07-25 | accepted | 70 |
| 11468677 | 2021-07-25 | VulD... | cve_assigned | 1608591600 (2020-12-22) | cve.mitre.org | 2021-07-25 | accepted | 70 |
| 11448383 | 2021-07-21 | VulD... | price_0day | $0-$5k | see exploit price documentation | 2021-07-21 | accepted | 90 |
| 11448382 | 2021-07-21 | VulD... | cvss3_meta_tempscore | 5.3 | see CVSS documentation | 2021-07-21 | accepted | 90 |
| 11448381 | 2021-07-21 | VulD... | cvss3_meta_basescore | 5.5 | see CVSS documentation | 2021-07-21 | accepted | 90 |
| 11448380 | 2021-07-21 | VulD... | cvss3_vuldb_tempscore | 5.3 | see CVSS documentation | 2021-07-21 | accepted | 90 |
| 11448379 | 2021-07-21 | VulD... | cvss3_vuldb_basescore | 5.5 | see CVSS documentation | 2021-07-21 | accepted | 90 |
| 11448378 | 2021-07-21 | VulD... | cvss2_vuldb_tempscore | 4.0 | see CVSS documentation | 2021-07-21 | accepted | 90 |
| 11448377 | 2021-07-21 | VulD... | cvss2_vuldb_basescore | 4.6 | see CVSS documentation | 2021-07-21 | accepted | 90 |
| 11448376 | 2021-07-21 | VulD... | cvss3_vuldb_e | X | derived from historical data | 2021-07-21 | accepted | 80 |
| 11448375 | 2021-07-21 | VulD... | cvss2_vuldb_e | ND | derived from historical data | 2021-07-21 | accepted | 80 |
| 11448374 | 2021-07-21 | VulD... | cvss2_vuldb_au | S | derived from historical data | 2021-07-21 | accepted | 80 |
| 11448373 | 2021-07-21 | VulD... | cvss2_vuldb_rl | OF | derived from vuldb v3 vector | 2021-07-21 | accepted | 80 |
| 11448372 | 2021-07-21 | VulD... | cvss2_vuldb_rc | C | derived from vuldb v3 vector | 2021-07-21 | accepted | 80 |
| 11448371 | 2021-07-21 | VulD... | cvss2_vuldb_ai | N | derived from vuldb v3 vector | 2021-07-21 | accepted | 80 |
| 11448370 | 2021-07-21 | VulD... | cvss2_vuldb_ii | N | derived from vuldb v3 vector | 2021-07-21 | accepted | 80 |
| 11448369 | 2021-07-21 | VulD... | cvss2_vuldb_ci | C | derived from vuldb v3 vector | 2021-07-21 | accepted | 80 |
| 11448368 | 2021-07-21 | VulD... | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 2021-07-21 | accepted | 80 |
| 11448367 | 2021-07-21 | VulD... | cvss2_vuldb_av | L | derived from vuldb v3 vector | 2021-07-21 | accepted | 80 |

23 more entries not shown
