VDB-179206 · CVE-2021-21290
Oracle PeopleSoft Enterprise PeopleTools 8.57/8.58/8.59 Netty information disclosure

Entry history

User: 125018
Field: advisory_confirm_url (1), source_cve_nvd_summary (1), source_cve_assigned (1), exploit_price_0day (1), vulnerability_cvss3_meta_tempscore (1)
Commit Conf: 90% (30), 50% (10), 70% (3)
Approve Conf: 90% (30), 80% (10), 70% (3)

| ID | Submitted | User | Field | Change | Remarks | Accepted | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 11468679 | 2021-07-25 | VulD... | confirm_url | https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 | cve.mitre.org | 2021-07-25 | accepted | 70 |
| 11468678 | 2021-07-25 | VulD... | cve_nvd_summary | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user. | cve.mitre.org | 2021-07-25 | accepted | 70 |
| 11468677 | 2021-07-25 | VulD... | cve_assigned | 1608591600 (2020-12-22) | cve.mitre.org | 2021-07-25 | accepted | 70 |
| 11448383 | 2021-07-21 | VulD... | price_0day | $0-$5k | see exploit price documentation | 2021-07-21 | accepted | 90 |
| 11448382 | 2021-07-21 | VulD... | cvss3_meta_tempscore | 5.3 | see CVSS documentation | 2021-07-21 | accepted | 90 |
| 11448381 | 2021-07-21 | VulD... | cvss3_meta_basescore | 5.5 | see CVSS documentation | 2021-07-21 | accepted | 90 |
| 11448380 | 2021-07-21 | VulD... | cvss3_vuldb_tempscore | 5.3 | see CVSS documentation | 2021-07-21 | accepted | 90 |
| 11448379 | 2021-07-21 | VulD... | cvss3_vuldb_basescore | 5.5 | see CVSS documentation | 2021-07-21 | accepted | 90 |
| 11448378 | 2021-07-21 | VulD... | cvss2_vuldb_tempscore | 4.0 | see CVSS documentation | 2021-07-21 | accepted | 90 |
| 11448377 | 2021-07-21 | VulD... | cvss2_vuldb_basescore | 4.6 | see CVSS documentation | 2021-07-21 | accepted | 90 |
| 11448376 | 2021-07-21 | VulD... | cvss3_vuldb_e | X | derived from historical data | 2021-07-21 | accepted | 80 |
| 11448375 | 2021-07-21 | VulD... | cvss2_vuldb_e | ND | derived from historical data | 2021-07-21 | accepted | 80 |
| 11448374 | 2021-07-21 | VulD... | cvss2_vuldb_au | S | derived from historical data | 2021-07-21 | accepted | 80 |
| 11448373 | 2021-07-21 | VulD... | cvss2_vuldb_rl | OF | derived from vuldb v3 vector | 2021-07-21 | accepted | 80 |
| 11448372 | 2021-07-21 | VulD... | cvss2_vuldb_rc | C | derived from vuldb v3 vector | 2021-07-21 | accepted | 80 |
| 11448371 | 2021-07-21 | VulD... | cvss2_vuldb_ai | N | derived from vuldb v3 vector | 2021-07-21 | accepted | 80 |
| 11448370 | 2021-07-21 | VulD... | cvss2_vuldb_ii | N | derived from vuldb v3 vector | 2021-07-21 | accepted | 80 |
| 11448369 | 2021-07-21 | VulD... | cvss2_vuldb_ci | C | derived from vuldb v3 vector | 2021-07-21 | accepted | 80 |
| 11448368 | 2021-07-21 | VulD... | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 2021-07-21 | accepted | 80 |
| 11448367 | 2021-07-21 | VulD... | cvss2_vuldb_av | L | derived from vuldb v3 vector | 2021-07-21 | accepted | 80 |

23 more entries not shown.