VMware Spring Boot 安全漏洞

VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities in versions 4.0.0 to 4.0.6, 3.5.0 to 3.5.14, 3.4.0 to 3.4.16, 3.3.0 to 3.3.19, and 2.7.0 to 2.7.33 of VMware Spring Boot. These vulnerabilities stem from the use of fixed...

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...

PT-2021-17743 · Netflix · Netflix Oss Hollow

Name of the Vulnerable Software and Affected Versions: Netflix OSS Hollow affected versions not specified Description: The issue allows an attacker to pre-create directories with wide permissions since the Files.existsparent check is performed before creating the directories. Furthermore, the use...