mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
98 lines
3.4 KiB
JSON
98 lines
3.4 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-22236",
|
|
"ASSIGNER": "security@vmware.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava\u00a0dependency in the org.springframework.cloud:spring-cloud-contract-shade\u00a0dependency.\n\n\n\n\n\n"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Spring",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Spring Cloud Contract",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "4.1.0",
|
|
"version_value": "4.1.1"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "4.0.0",
|
|
"version_value": "4.0.6"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "3.1.0",
|
|
"version_value": "3.1.10"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://spring.io/security/cve-2024-22236",
|
|
"refsource": "MISC",
|
|
"name": "https://spring.io/security/cve-2024-22236"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.1.0-dev"
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "LOCAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.3,
|
|
"baseSeverity": "LOW",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |