CVE-2024-22236 | Spring Cloud Contract up to 3.1.9/4.0.4/4.1.0 Guava temp file

Posted by Angelo Barbosa | Jan 31, 2024 | CVE

A vulnerability was found in Spring Cloud Contract up to 3.1.9/4.0.4/4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Guava Handler. The manipulation leads to creation of temporary file in directory with insecure permissions.

This vulnerability is known as CVE-2024-22236. Local access is required to approach this attack. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-22236 | Spring Cloud Contract up to 3.1.9/4.0.4/4.1.0 Guava temp file

Related Posts

CVE-2024-21972 | AMD Software Adrenalin Edition/Software Pro Edition User Mode Driver for DirectX 11 out-of-bounds write

CVE-2023-6557 | The Events Calendar Plugin up to 6.2.8.2 on WordPress information disclosure

CVE-2024-1241 | Watchdog Antivirus 1.6.415 IOCTL wsdk-driver.sys null pointer dereference

CVE-2023-37185 | C-Blosc2 up to 2.9.2 zfp/blosc2-zfp.c zfp_prec_decompress null pointer dereference (Issue 519)