EUVD-2024-0392

Malicious code in bioql PyPI...

Information Disclosure

Spring Cloud Contract is vulnerable to Information Disclosure. The vulnerability is due to temporary directories created with insecure permissions due to the guava dependency...

Spring Cloud Contract vulnerable to local information disclosure

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

gradle.plugin.org.springframework.cloud:spring-cloud-contract-gradle-plugin (>=3.1.0 <=3.1.1), no.skatteetaten.aurora.gradle.plugins:aurora-gradle-plugin (>=4.4.6 <=4.5.2) +14 more potentially affected by CVE-2024-22236 via org.springframework.cloud:spring-cloud-contract-shade (>=3.1.0 <=3.1.1)

org.springframework.cloud:spring-cloud-contract-shade MAVEN version =3.1.0, =3.1.0, =4.4.6, =4.4.6, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.1 - org.springframework.cloud:spr...

GHSA-P6RP-MX85-M459 Spring Cloud Contract vulnerable to local information disclosure

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

gradle.plugin.org.springframework.cloud:spring-cloud-contract-gradle-plugin (=4.1.0), org.springframework.cloud.contract:org.springframework.cloud.contract.gradle.plugin (=4.1.0) +10 more potentially affected by CVE-2024-22236 via org.springframework.cloud:spring-cloud-contract-shade (=4.1.0)

org.springframework.cloud:spring-cloud-contract-shade MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-contract-shade and may be impacted: -...

gradle.plugin.org.springframework.cloud:spring-cloud-contract-gradle-plugin (>=4.0.1 <=4.0.4), org.springframework.cloud.contract:org.springframework.cloud.contract.gradle.plugin (>=4.0.0 <=4.0.4) +10 more potentially affected by CVE-2024-22236 via org.springframework.cloud:spring-cloud-contract-shade (>=4.0.0 <=4.0.4)

org.springframework.cloud:spring-cloud-contract-shade MAVEN version =4.0.0, =4.0.1, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.4 Source cves: CVE-2024-22236 Source advisory: OSV:GHSA-P6RP-MX85-M459...

CVE-2024-22236

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

CVE-2024-22236

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

Information disclosure

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

CVE-2024-22236

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

CVE-2024-22236

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

CVE-2024-22236

Spring Cloud Contract (org.springframework.cloud:spring-cloud-contract-shade) is affected. Versions 4.1.x before 4.1.1, 4.0.x before 4.0.5, and 3.1.x before 3.1.10 permit local information disclosure due to temporary directories created with unsafe permissions via the shaded com.google.guava:guav...

Spring Cloud Security Vulnerabilities

Spring Cloud is a microservices framework implemented in Spring Boot by the Spring team. A security vulnerability exists in Spring Cloud Contract versions prior to 4.1.1, 4.0.5, and 3.1.10, which can be exploited to disclose local information through a temporary directory created with insecure...

PT-2024-19288 · Google +1 · Guava +1

Name of the Vulnerable Software and Affected Versions: Spring Cloud Contract versions 3.1.x prior to 3.1.10 Spring Cloud Contract versions 4.0.x prior to 4.0.5 Spring Cloud Contract versions 4.1.x prior to 4.1.1 Description: The issue concerns local information disclosure via a temporary director...

at.newmedialab.ldpath:ldpath-api (>=0.9.12 <=0.9.13), at.newmedialab.ldpath:ldpath-backend-jena (>=0.9.12 <=0.9.13) +1790 more potentially affected by CVE-2018-8088 via org.slf4j:slf4j-ext (>=1.0-alpha0 <=1.7.25)

org.slf4j:slf4j-ext MAVEN version =1.0-alpha0, =0.9.12, =0.9.12, =0.9.12, =0.9.12, =0.9.11, =0.9.12, =0.1-1, =2.3.0, =2.3.1 and more Source cves: CVE-2018-8088 Source advisory: OSV:GHSA-W77P-8CFG-2X43...