PT-2021-3400 · Unknown · Spring Framework
Published 2021-05-27 · Updated 2022-10-25 · CVE-2021-22118
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Spring Framework versions 5.2.x prior to 5.2.15
Spring Framework versions 5.3.x prior to 5.3.7
Description
The issue stems from improper privilege management in the Spring Framework platform. In a WebFlux application, a locally authenticated malicious user can recreate the temporary storage directory and thereby read or modify uploaded files, or overwrite arbitrary files with multipart request data.
Recommendations
For Spring Framework versions 5.2.x prior to 5.2.15, update to version 5.2.15 or later.
For Spring Framework versions 5.3.x prior to 5.3.7, update to version 5.3.7 or later.
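An added example, not part of the advisory, that turns the affected-version ranges and upgrade recommendations above into a check a practitioner can run over a Maven dependency listing. It assumes the `groupId:artifactId:type:version:scope` line format printed by `mvn dependency:list`; the sample listing embedded below is constructed, not real project data, and the `fixed_version`/`find_affected` helper names are this example's own. Pre-release builds of the fixed patch level (for example `5.3.7-SNAPSHOT`) are reported as still affected, since only the final `5.3.7` and `5.2.15` releases carry the fix.

```python
"""Check Spring Framework versions against the ranges in this advisory (CVE-2021-22118)."""
import re
from typing import List, Optional, Tuple

# Affected branches from the advisory: (major, minor) -> first fixed patch level.
FIRST_FIXED_PATCH = {(5, 2): 15, (5, 3): 7}

# Qualifiers that denote a final build; anything else (SNAPSHOT, RC1, M2, ...) is pre-release.
FINAL_QUALIFIERS = {None, "RELEASE"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]([A-Za-z0-9]+))?$")


def parse_version(version: str) -> Tuple[int, int, int, Optional[str]]:
    """Split 'MAJOR.MINOR.PATCH[.QUALIFIER]' (e.g. '5.2.14.RELEASE', '5.3.7-SNAPSHOT')."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4)


def fixed_version(version: str) -> Optional[str]:
    """Return the version to upgrade to if `version` is affected, otherwise None."""
    major, minor, patch, qualifier = parse_version(version)
    first_fixed = FIRST_FIXED_PATCH.get((major, minor))
    if first_fixed is None:
        return None  # not a branch this advisory covers
    if patch < first_fixed:
        return f"{major}.{minor}.{first_fixed}"
    if patch == first_fixed and qualifier not in FINAL_QUALIFIERS:
        # e.g. 5.3.7-SNAPSHOT predates the final 5.3.7 release; treat it as unfixed
        return f"{major}.{minor}.{first_fixed}"
    return None


def is_affected(version: str) -> bool:
    return fixed_version(version) is not None


# `mvn dependency:list` prints one artifact per line as groupId:artifactId:type:version:scope.
# Only the org.springframework group is matched (spring-boot lives under org.springframework.boot).
_MAVEN_RE = re.compile(r"\borg\.springframework:([\w-]+):\w+:([^:\s]+):\w+")


def find_affected(dependency_list: str) -> List[Tuple[str, str, str]]:
    """Return [(artifact, version, fixed_version)] for Spring Framework artifacts in an affected range."""
    hits = []
    for line in dependency_list.splitlines():
        m = _MAVEN_RE.search(line)
        if not m:
            continue
        artifact, version = m.group(1), m.group(2)
        fixed = fixed_version(version)
        if fixed:
            hits.append((artifact, version, fixed))
    return hits


# Constructed sample output (not real project data) in `mvn dependency:list` format.
SAMPLE_DEPENDENCY_LIST = """\
[INFO]    org.springframework:spring-webflux:jar:5.3.6:compile
[INFO]    org.springframework:spring-core:jar:5.3.6:compile
[INFO]    org.springframework:spring-web:jar:5.2.15.RELEASE:compile
[INFO]    io.projectreactor.netty:reactor-netty-http:jar:1.0.7:compile
"""

if __name__ == "__main__":
    for artifact, version, fixed in find_affected(SAMPLE_DEPENDENCY_LIST):
        print(f"{artifact} {version} is in an affected range for CVE-2021-22118; upgrade to {fixed}")
```

Run it against the saved output of `mvn dependency:list` (or any text containing Maven coordinates) to list the Spring Framework artifacts that still need the 5.2.15 or 5.3.7 upgrade; the sample listing flags `spring-webflux` and `spring-core` at 5.3.6 and leaves `spring-web` 5.2.15.RELEASE alone.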
Fix
Improper Privilege Management
Exposure of Resource to Wrong Sphere
Affected Products
Spring Framework