csaf_ncscnl - ncsc-2025-0334

ncsc-2025-0334

Vulnerability from csaf_ncscnl

Published

2025-10-23 13:42

Modified

2025-10-23 13:42

Summary

Kwetsbaarheden verholpen in Oracle Fusion Middleware

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Oracle heeft kwetsbaarheden verholpen in Oracle Fusion Middleware componenten.

Interpretaties

De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot kritieke gegevens via HTTP, wat kan leiden tot een gedeeltelijke Denial-of-Service. De ernst van deze kwetsbaarheden wordt onderstreept door CVSS-scores van 7.5, wat wijst op aanzienlijke impact op de beschikbaarheid. Daarnaast zijn er kwetsbaarheden die kunnen leiden tot ongeautoriseerde toegang tot specifieke gegevens, met een CVSS-score van 5.3, wat duidt op een gematigd niveau van vertrouwelijkheidsimpact.

Oplossingen

Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-122

Heap-based Buffer Overflow

CWE-190

Integer Overflow or Wraparound

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-284

Improper Access Control

CWE-306

Missing Authentication for Critical Function

CWE-354

Improper Validation of Integrity Check Value

CWE-400

Uncontrolled Resource Consumption

CWE-404

Improper Resource Shutdown or Release

CWE-674

Uncontrolled Recursion

CWE-680

Integer Overflow to Buffer Overflow

CWE-732

Incorrect Permission Assignment for Critical Resource

CWE-770

Allocation of Resources Without Limits or Throttling

CWE-787

Out-of-bounds Write

CWE-789

Memory Allocation with Excessive Size Value

CWE-918

Server-Side Request Forgery (SSRF)

CWE-937

CWE-1035

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Oracle Fusion Middleware componenten.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot kritieke gegevens via HTTP, wat kan leiden tot een gedeeltelijke Denial-of-Service. De ernst van deze kwetsbaarheden wordt onderstreept door CVSS-scores van 7.5, wat wijst op aanzienlijke impact op de beschikbaarheid. Daarnaast zijn er kwetsbaarheden die kunnen leiden tot ongeautoriseerde toegang tot specifieke gegevens, met een CVSS-score van 5.3, wat duidt op een gematigd niveau van vertrouwelijkheidsimpact.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Missing Authentication for Critical Function",
        "title": "CWE-306"
      },
      {
        "category": "general",
        "text": "Improper Validation of Integrity Check Value",
        "title": "CWE-354"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Integer Overflow to Buffer Overflow",
        "title": "CWE-680"
      },
      {
        "category": "general",
        "text": "Incorrect Permission Assignment for Critical Resource",
        "title": "CWE-732"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Memory Allocation with Excessive Size Value",
        "title": "CWE-789"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "CWE-937",
        "title": "CWE-937"
      },
      {
        "category": "general",
        "text": "CWE-1035",
        "title": "CWE-1035"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Fusion Middleware",
    "tracking": {
      "current_release_date": "2025-10-23T13:42:11.992643Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0334",
      "initial_release_date": "2025-10-23T13:42:11.992643Z",
      "revision_history": [
        {
          "date": "2025-10-23T13:42:11.992643Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Identity Manager"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Coherence"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Enterprise Data Quality"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Fusion Middleware MapViewer"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Global Lifecycle Management NextGen OUI Framework"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle JDeveloper"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Middleware Common Libraries and Tools"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle SOA Suite"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Security Service"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle WebCenter Forms Recognition"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle WebCenter Portal"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle WebLogic Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Outside In Technology"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-15250",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Incorrect Permission Assignment for Critical Resource",
          "title": "CWE-732"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified across various software products, including JUnit4, Oracle WebLogic Server, and TensorFlow, allowing unauthorized access and information disclosure, with several updates addressing these issues.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-15250 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-15250.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2020-15250"
    },
    {
      "cve": "CVE-2023-45853",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle, Siemens, IBM, zlib, and NetApp products pose severe risks, including remote code execution, denial of service, and data manipulation, with CVSS scores indicating high impact potential.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-45853 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-45853.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2023-45853"
    },
    {
      "cve": "CVE-2024-41909",
      "cwe": {
        "id": "CWE-354",
        "name": "Improper Validation of Integrity Check Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Integrity Check Value",
          "title": "CWE-354"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Oracle Retail Applications, Oracle Middleware, and Apache MINA SSHD could be exploited by remote attackers, affecting data integrity and security features with varying CVSS scores.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-41909 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-41909.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2024-41909"
    },
    {
      "cve": "CVE-2024-48014",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Fusion Middleware and Dell BSAFE Micro Edition Suite could allow unauthenticated attackers to cause denial of service, with CVSS scores indicating significant severity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-48014 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-48014.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2024-48014"
    },
    {
      "cve": "CVE-2025-8916",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-8916 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2025-8916"
    },
    {
      "cve": "CVE-2025-27533",
      "cwe": {
        "id": "CWE-789",
        "name": "Memory Allocation with Excessive Size Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Memory Allocation with Excessive Size Value",
          "title": "CWE-789"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27533 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2025-27533"
    },
    {
      "cve": "CVE-2025-27817",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27817 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2025-27817"
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48734 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2025-48734"
    },
    {
      "cve": "CVE-2025-48795",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle WebCenter Forms Recognition and Apache CXF expose systems to data compromise and denial of service risks, with CVSS scores indicating significant impacts on confidentiality, integrity, and availability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48795 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2025-48795"
    },
    {
      "cve": "CVE-2025-48924",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48924 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-48976",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48976 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-53816",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities have been identified in Oracle Outside In Technology versions 8.5.7 and 8.5.8, and in 7-Zip prior to version 25.0.0, both allowing denial of service attacks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53816 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53816.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2025-53816"
    },
    {
      "cve": "CVE-2025-55163",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55163 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-61752",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authentication for Critical Function",
          "title": "CWE-306"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle WebLogic Server versions 14.1.1.0.0 and 14.1.2.0.0 allows unauthenticated attackers to exploit HTTP/2 access, potentially leading to denial of service with a CVSS score of 7.5.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61752 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61752.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2025-61752"
    },
    {
      "cve": "CVE-2025-61757",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authentication for Critical Function",
          "title": "CWE-306"
        },
        {
          "category": "description",
          "text": "A critical vulnerability in Oracle Fusion Middleware\u0027s Identity Manager (versions 12.2.1.4.0 and 14.1.2.1.0) allows unauthenticated attackers to compromise the system via HTTP, with a CVSS score of 9.8.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61757 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61757.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2025-61757"
    },
    {
      "cve": "CVE-2025-61764",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle WebLogic Server versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 allows unauthenticated attackers to access certain data via HTTP, with a CVSS 3.1 Base Score of 5.3 indicating confidentiality impacts.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61764 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61764.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13"
          ]
        }
      ],
      "title": "CVE-2025-61764"
    }
  ]
}

CVE-2024-48014 (GCVE-0-2024-48014)

Vulnerability from cvelistv5

Published

2025-09-25 15:08

Modified

2025-09-25 16:05

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-787 - Out-of-bounds Write

Summary

Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/000256131/dsa-2024-459-dell-bsafe-micro-edition-suite-security-update

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	BSAFE Micro Edition Suite	Version: N/A ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48014",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-25T16:05:34.678390Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-25T16:05:40.970Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BSAFE Micro Edition Suite",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "5.0.3",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-09-25T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."
            }
          ],
          "value": "Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-25T15:08:52.140Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000256131/dsa-2024-459-dell-bsafe-micro-edition-suite-security-update"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-48014",
    "datePublished": "2025-09-25T15:08:52.140Z",
    "dateReserved": "2024-10-08T05:40:53.870Z",
    "dateUpdated": "2025-09-25T16:05:40.970Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41909 (GCVE-0-2024-41909)

Vulnerability from cvelistv5

Published

2024-08-12 16:00

Modified

2025-03-27 15:31

Severity ?

CWE

CWE-354 - Improper Validation of Integrity Check Value

Summary

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.

References

URL

Tags

	https://github.com/apache/mina-sshd/issues/445	issue-tracking
	https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b	vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache MINA SSHD	Version: 0 ≤ 2.11.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-41909",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T14:03:16.638471Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T15:31:20.659Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-11T22:03:14.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241011-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache MINA SSHD",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.11.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Fabian B\u00e4umer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eLike many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which \nsome security features have been downgraded or disabled, aka a Terrapin \nattack\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which \nsome security features have been downgraded or disabled, aka a Terrapin \nattack\n\nThe mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-354",
              "description": "CWE-354 Improper Validation of Integrity Check Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-12T16:00:29.568Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/apache/mina-sshd/issues/445"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache MINA SSHD: integrity check bypass",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-41909",
    "datePublished": "2024-08-12T16:00:29.568Z",
    "dateReserved": "2024-07-23T15:14:34.330Z",
    "dateUpdated": "2025-03-27T15:31:20.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8916 (GCVE-0-2025-8916)

Vulnerability from cvelistv5

Published

2025-08-13 09:31

Modified

2025-09-12 11:17

Severity ?

6.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.Java, https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.Java. This issue affects BC Java: from 1.44 through 1.78; BC Java: from 1.44 through 1.78; BCPKIX FIPS: from 1.0.0 through 1.0.7, from 2.0.0 through 2.0.7.

References

URL

Tags

https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908916

Impacted products

Vendor

Product

Version

Legion of the Bouncy Castle Inc.

BC Java

Version: 1.44

	Legion of the Bouncy Castle Inc.	BC Java	Version: 1.44
	Legion of the Bouncy Castle Inc.	BCPKIX FIPS	Version: 1.0.0 Version: 2.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8916",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T13:13:37.616496Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T13:13:54.247Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo1.maven.org/maven2/org/bouncycastle",
          "defaultStatus": "unaffected",
          "modules": [
            "API"
          ],
          "packageName": "bcpkix",
          "platforms": [
            "All"
          ],
          "product": "BC Java",
          "programFiles": [
            "https://github.com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java"
          ],
          "repo": "https://github.com/bcgit/bc-java",
          "vendor": "Legion of the Bouncy Castle Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.78",
              "status": "affected",
              "version": "1.44",
              "versionType": "maven"
            }
          ]
        },
        {
          "collectionURL": "https://repo1.maven.org/maven2/org/bouncycastle",
          "defaultStatus": "unaffected",
          "modules": [
            "API"
          ],
          "packageName": "bcprov",
          "platforms": [
            "All"
          ],
          "product": "BC Java",
          "programFiles": [
            "https://github.com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java"
          ],
          "repo": "https://github.com/bcgit/bc-java",
          "vendor": "Legion of the Bouncy Castle Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.78",
              "status": "affected",
              "version": "1.44",
              "versionType": "maven"
            }
          ]
        },
        {
          "collectionURL": "https://repo1.maven.org/maven2/org/bouncycastle",
          "defaultStatus": "unaffected",
          "modules": [
            "API"
          ],
          "packageName": "bcpkix-fips",
          "platforms": [
            "All"
          ],
          "product": "BCPKIX FIPS",
          "vendor": "Legion of the Bouncy Castle Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.0.7",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "2.0.7",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "For an attack to take place the PKIXCertPathReviewer class must be in use by the application under attack and the class must be consuming certificate paths of unknown origin without any form of other validation."
            }
          ],
          "value": "For an attack to take place the PKIXCertPathReviewer class must be in use by the application under attack and the class must be consuming certificate paths of unknown origin without any form of other validation."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Bing Shi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API modules) allows Excessive Allocation.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.Java\u003c/tt\u003e, \u003ctt\u003ehttps://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.Java\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects BC Java: from 1.44 through 1.78; BC Java: from 1.44 through 1.78; BCPKIX FIPS: from 1.0.0 through 1.0.7, from 2.0.0 through 2.0.7.\u003c/p\u003e"
            }
          ],
          "value": "Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.Java, https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.Java.\n\nThis issue affects BC Java: from 1.44 through 1.78; BC Java: from 1.44 through 1.78; BCPKIX FIPS: from 1.0.0 through 1.0.7, from 2.0.0 through 2.0.7."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "USER",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-12T11:17:08.609Z",
        "orgId": "91579145-5d7b-4cc5-b925-a0262ff19630",
        "shortName": "bcorg"
      },
      "references": [
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908916"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Possible DOS in processing large name constraint structures in PKIXCertPathReveiwer",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Limiting the size of ASN.1 objects that can be loaded from \"the wild\" will mitigate the risk of an exploit by automatically putting a cap on the maximum size of a Name Constraints structure."
            }
          ],
          "value": "Limiting the size of ASN.1 objects that can be loaded from \"the wild\" will mitigate the risk of an exploit by automatically putting a cap on the maximum size of a Name Constraints structure."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "91579145-5d7b-4cc5-b925-a0262ff19630",
    "assignerShortName": "bcorg",
    "cveId": "CVE-2025-8916",
    "datePublished": "2025-08-13T09:31:21.181Z",
    "dateReserved": "2025-08-13T08:52:38.480Z",
    "dateUpdated": "2025-09-12T11:17:08.609Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45853 (GCVE-0-2023-45853)

Vulnerability from cvelistv5

Published

2023-10-14 00:00

Modified

2024-08-02 20:29

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Summary

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

References

URL

Tags

	https://github.com/madler/zlib/pull/843
	https://www.winimage.com/zLibDll/minizip.html
	https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4
	https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61
	https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356
	http://www.openwall.com/lists/oss-security/2023/10/20/9	mailing-list
	https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html	mailing-list
	https://security.netapp.com/advisory/ntap-20231130-0009/
	https://pypi.org/project/pyminizip/#history
	https://security.gentoo.org/glsa/202401-18	vendor-advisory
	http://www.openwall.com/lists/oss-security/2024/01/24/10	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "zlib",
            "vendor": "zlib",
            "versions": [
              {
                "lessThan": "1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-45853",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T03:55:37.318179Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T16:17:29.025Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:29:32.500Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/madler/zlib/pull/843"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.winimage.com/zLibDll/minizip.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356"
          },
          {
            "name": "[oss-security] 20231020 CVE-2023-45853: overflows in MiniZip in zlib through 1.3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/20/9"
          },
          {
            "name": "[debian-lts-announce] 20231127 [SECURITY] [DLA 3670-1] minizip security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231130-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pypi.org/project/pyminizip/#history"
          },
          {
            "name": "GLSA-202401-18",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-18"
          },
          {
            "name": "[oss-security] 20240124 Re: CVE-2023-45853: overflows in MiniZip in zlib through 1.3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/24/10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-24T21:06:19.795482",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/madler/zlib/pull/843"
        },
        {
          "url": "https://www.winimage.com/zLibDll/minizip.html"
        },
        {
          "url": "https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4"
        },
        {
          "url": "https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61"
        },
        {
          "url": "https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356"
        },
        {
          "name": "[oss-security] 20231020 CVE-2023-45853: overflows in MiniZip in zlib through 1.3",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/20/9"
        },
        {
          "name": "[debian-lts-announce] 20231127 [SECURITY] [DLA 3670-1] minizip security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231130-0009/"
        },
        {
          "url": "https://pypi.org/project/pyminizip/#history"
        },
        {
          "name": "GLSA-202401-18",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-18"
        },
        {
          "name": "[oss-security] 20240124 Re: CVE-2023-45853: overflows in MiniZip in zlib through 1.3",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/01/24/10"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-45853",
    "datePublished": "2023-10-14T00:00:00",
    "dateReserved": "2023-10-14T00:00:00",
    "dateUpdated": "2024-08-02T20:29:32.500Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27533 (GCVE-0-2025-27533)

Vulnerability from cvelistv5

Published

2025-05-07 08:59

Modified

2025-05-07 14:00

Severity ?

6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/V:D/RE:M/U:Red

CWE

CWE-789 - Memory Allocation with Excessive Size Value

Summary

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.

References

URL

Tags

https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5bs705hg

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache ActiveMQ	Version: 6.0.0 ≤ Version: 5.18.0 ≤ Version: 5.17.0 ≤ Version: 5.16.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-07T09:04:12.173Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/05/06/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27533",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T13:59:20.516224Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T14:00:17.963Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache ActiveMQ",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "6.1.6",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.18.7",
              "status": "affected",
              "version": "5.18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.17.7",
              "status": "affected",
              "version": "5.17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.16.8",
              "status": "affected",
              "version": "5.16.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMemory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDuring unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 6.1.6+, 5.19.0+,  5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue.\u003c/p\u003e\u003cp\u003eExisting users may implement mutual TLS to mitigate the risk on affected brokers.\u003c/p\u003e"
            }
          ],
          "value": "Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ.\n\nDuring unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections.\nThis issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected.\n\nUsers are recommended to upgrade to version 6.1.6+, 5.19.0+,  5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue.\n\nExisting users may implement mutual TLS to mitigate the risk on affected brokers."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/V:D/RE:M/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789 Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-07T08:59:00.249Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5bs705hg"
        }
      ],
      "source": {
        "defect": [
          "AMQ-6596"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-27533",
    "datePublished": "2025-05-07T08:59:00.249Z",
    "dateReserved": "2025-02-28T12:57:16.780Z",
    "dateUpdated": "2025-05-07T14:00:17.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27817 (GCVE-0-2025-27817)

Vulnerability from cvelistv5

Published

2025-06-10 07:55

Modified

2025-06-10 15:15

Severity ?

CWE

Arbitrary file read and SSRF vulnerability

Summary

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products. Since Apache Kafka 3.9.1/4.0.0, we have added a system property ("-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls") to set the allowed urls in SASL JAAS configuration. In 3.9.1, it accepts all urls by default for backward compatibility. However in 4.0.0 and newer, the default value is empty list and users have to set the allowed urls explicitly.

References

URL

Tags

https://kafka.apache.org/cve-list

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Kafka Client	Version: 3.1.0 ≤ 3.9.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-06-10T08:05:23.450Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/06/09/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-27817",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T14:17:53.791454Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-918",
                "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T15:15:40.843Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Kafka Client",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "3.9.0",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "\u7f57\u946b \u003clx2317103712@gmail.com\u003e"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "1ue (https://github.com/luelueking)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "4ra1n (https://github.com/4ra1n)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "enokiy \u003c846800628@qq.com\u003e"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "VulTeam of ThreatBook"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eA possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including \"sasl.oauthbearer.token.endpoint.url\" and \"sasl.oauthbearer.jwks.endpoint.url\". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the \"sasl.oauthbearer.token.endpoint.url\" and \"sasl.oauthbearer.jwks.endpoint.url\" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products. \u003c/div\u003e\u003cp\u003eSince Apache Kafka 3.9.1/4.0.0, we have added a system property (\"-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls\") to set the allowed urls in SASL JAAS configuration. In 3.9.1, it accepts all urls by default for backward compatibility. However in 4.0.0 and newer, the default value is empty list and users have to set the allowed urls explicitly.\u003cbr\u003e\u003c/p\u003e\n\n      \u003cbr\u003e"
            }
          ],
          "value": "A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including \"sasl.oauthbearer.token.endpoint.url\" and \"sasl.oauthbearer.jwks.endpoint.url\". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the \"sasl.oauthbearer.token.endpoint.url\" and \"sasl.oauthbearer.jwks.endpoint.url\" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products. \n\nSince Apache Kafka 3.9.1/4.0.0, we have added a system property (\"-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls\") to set the allowed urls in SASL JAAS configuration. In 3.9.1, it accepts all urls by default for backward compatibility. However in 4.0.0 and newer, the default value is empty list and users have to set the allowed urls explicitly."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary file read and SSRF vulnerability",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T07:55:14.422Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kafka.apache.org/cve-list"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Kafka Client: Arbitrary file read and SSRF vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-27817",
    "datePublished": "2025-06-10T07:55:14.422Z",
    "dateReserved": "2025-03-07T08:12:18.582Z",
    "dateUpdated": "2025-06-10T15:15:40.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48976 (GCVE-0-2025-48976)

Vulnerability from cvelistv5

Published

2025-06-16 15:00

Modified

2025-06-17 14:07

Severity ?

CWE

Allocation of resources with insufficient limits

Summary

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

References

URL

Tags

https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12

vendor-advisory

Impacted products

Vendor

Product

Version

Apache Software Foundation

Apache Commons FileUpload

Version: 1.0 ≤

Apache Software Foundation

Apache Commons FileUpload

Version: 2.0.0-M1 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-06-16T20:03:22.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/06/16/4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48976",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-17T14:04:56.145891Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-770",
                "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T14:07:34.067Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "commons-fileupload:commons-fileupload",
          "product": "Apache Commons FileUpload",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "1.6",
              "status": "affected",
              "version": "1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.commons:commons-fileupload2",
          "product": "Apache Commons FileUpload",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.0.0-M4",
              "status": "affected",
              "version": "2.0.0-M1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "TERASOLUNA Framework Security Team of NTT DATA Group Corporation"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAllocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.\u003c/p\u003e"
            }
          ],
          "value": "Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.\n\nThis issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.\n\nUsers are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Allocation of resources with insufficient limits",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-16T15:00:48.140Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-48976",
    "datePublished": "2025-06-16T15:00:48.140Z",
    "dateReserved": "2025-05-29T07:19:14.431Z",
    "dateUpdated": "2025-06-17T14:07:34.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-61752 (GCVE-0-2025-61752)

Vulnerability from cvelistv5

Published

2025-10-21 20:03

Modified

2025-10-22 18:34

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

Summary

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

References

URL

Tags

https://www.oracle.com/security-alerts/cpuoct2025.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Oracle WebLogic Server	Version: 14.1.1.0.0 ≤ Version: 14.1.2.0.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-22T18:34:30.782416Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T18:34:45.428Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle WebLogic Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "14.1.1.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "14.1.2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are 14.1.1.0.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-21T20:03:09.540Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-61752",
    "datePublished": "2025-10-21T20:03:09.540Z",
    "dateReserved": "2025-09-30T19:21:55.555Z",
    "dateUpdated": "2025-10-22T18:34:45.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-55163 (GCVE-0-2025-55163)

Vulnerability from cvelistv5

Published

2025-08-13 14:17

Modified

2025-08-13 14:37

Severity ?

8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.

References

URL

Tags

https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	netty	netty	Version: < 4.1.124.Final Version: < 4.2.4.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55163",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T14:37:06.148395Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T14:37:20.727Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.1.124.Final"
            },
            {
              "status": "affected",
              "version": "\u003c 4.2.4.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-13T14:17:36.111Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4"
        }
      ],
      "source": {
        "advisory": "GHSA-prj3-ccx8-p6x4",
        "discovery": "UNKNOWN"
      },
      "title": "Netty MadeYouReset HTTP/2 DDoS Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-55163",
    "datePublished": "2025-08-13T14:17:36.111Z",
    "dateReserved": "2025-08-07T18:27:23.307Z",
    "dateUpdated": "2025-08-13T14:37:20.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-53816 (GCVE-0-2025-53816)

Vulnerability from cvelistv5

Published

2025-07-17 18:09

Modified

2025-07-18 18:18

Severity ?

5.5 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

CWE

CWE-122 - Heap-based Buffer Overflow

Summary

7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue.

References

URL

Tags

	https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/	x_refsource_CONFIRM
	https://www.openwall.com/lists/oss-security/2025/07/18/1	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	ipavlov	7-Zip	Version: < 25.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53816",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T20:25:13.387100Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-17T20:25:22.623Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "7-Zip",
          "vendor": "ipavlov",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 25.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-18T18:18:02.578Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/"
        },
        {
          "name": "https://www.openwall.com/lists/oss-security/2025/07/18/1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2025/07/18/1"
        }
      ],
      "source": {
        "advisory": "GHSA-3qvx-xph6-cgw4",
        "discovery": "UNKNOWN"
      },
      "title": "GHSL-2025-058 - 7-Zip Multi-byte write heap buffer overflow in NCompress::NRar5::CDecoder"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53816",
    "datePublished": "2025-07-17T18:09:58.480Z",
    "dateReserved": "2025-07-09T14:14:52.528Z",
    "dateUpdated": "2025-07-18T18:18:02.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-61757 (GCVE-0-2025-61757)

Vulnerability from cvelistv5

Published

2025-10-21 20:03

Modified

2025-10-23 03:55

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager.

Summary

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

References

URL

Tags

https://www.oracle.com/security-alerts/cpuoct2025.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Identity Manager	Version: 12.2.1.4.0 ≤ Version: 14.1.2.1.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61757",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-22T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-23T03:55:34.374Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Identity Manager",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "12.2.1.4.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "14.1.2.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:identity_manager:12.2.1.4.0:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:identity_manager:14.1.2.1.0:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager.  Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager.  Successful attacks of this vulnerability can result in takeover of Identity Manager.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-21T20:03:11.303Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-61757",
    "datePublished": "2025-10-21T20:03:11.303Z",
    "dateReserved": "2025-09-30T19:21:55.556Z",
    "dateUpdated": "2025-10-23T03:55:34.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48924 (GCVE-0-2025-48924)

Vulnerability from cvelistv5

Published

2025-07-11 14:56

Modified

2025-07-14 16:37

Severity ?

CWE

CWE-674 - Uncontrolled Recursion

Summary

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.

References

URL

Tags

https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1

vendor-advisory

Impacted products

Vendor

Product

Version

Apache Software Foundation

Apache Commons Lang

Version: 2.0

Apache Software Foundation

Apache Commons Lang

Version: 3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48924",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-14T16:36:59.432024Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-14T16:37:02.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unknown",
          "packageName": "commons-lang:commons-lang",
          "product": "Apache Commons Lang",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.6",
              "status": "affected",
              "version": "2.0",
              "versionType": "maven"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.commons:commons-lang3",
          "product": "Apache Commons Lang",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.18.0",
              "status": "affected",
              "version": "3.0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "OSS-Fuzz Issue 42522972"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUncontrolled Recursion vulnerability in Apache Commons Lang.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Commons Lang: Starting with\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecommons-lang:commons-lang\u0026nbsp;\u003c/span\u003e2.0 to 2.6, and, from org.apache.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecommons:commons-lang3 3.0 before\u0026nbsp;\u003c/span\u003e3.18.0.\u003c/p\u003e\u003cp\u003eThe methods ClassUtils.getClass(...) can throw\u0026nbsp;StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \nStackOverflowError could\u0026nbsp;cause an application to stop.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Uncontrolled Recursion vulnerability in Apache Commons Lang.\n\nThis issue affects Apache Commons Lang: Starting with\u00a0commons-lang:commons-lang\u00a02.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before\u00a03.18.0.\n\nThe methods ClassUtils.getClass(...) can throw\u00a0StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \nStackOverflowError could\u00a0cause an application to stop.\n\nUsers are recommended to upgrade to version 3.18.0, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T14:56:58.049Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-48924",
    "datePublished": "2025-07-11T14:56:58.049Z",
    "dateReserved": "2025-05-28T15:06:51.476Z",
    "dateUpdated": "2025-07-14T16:37:02.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-61764 (GCVE-0-2025-61764)

Vulnerability from cvelistv5

Published

2025-10-21 20:03

Modified

2025-10-22 14:36

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data.

Summary

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

URL

Tags

https://www.oracle.com/security-alerts/cpuoct2025.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Oracle WebLogic Server	Version: 12.2.1.4.0 ≤ Version: 14.1.1.0.0 ≤ Version: 14.1.2.0.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61764",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-22T14:36:48.066548Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T14:36:53.014Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle WebLogic Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "12.2.1.4.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "14.1.1.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "14.1.2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle WebLogic Server accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-21T20:03:14.012Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-61764",
    "datePublished": "2025-10-21T20:03:14.012Z",
    "dateReserved": "2025-09-30T19:21:55.557Z",
    "dateUpdated": "2025-10-22T14:36:53.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48795 (GCVE-0-2025-48795)

Vulnerability from cvelistv5

Published

2025-07-15 14:26

Modified

2025-07-15 20:44

Severity ?

CWE

CWE-400 - Uncontrolled Resource Consumption

Summary

Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted. Users are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue.

References

URL

Tags

https://lists.apache.org/thread/vo5qv02mvv5plmb6z2xf1ktjmrpv3jmn

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache CXF	Version: 3.5.10 ≤ Version: 3.6.5 ≤ Version: 4.0.6 ≤ Version: 4.1.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48795",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-15T20:44:08.849167Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-15T20:44:33.127Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache CXF",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.5.11",
              "status": "affected",
              "version": "3.5.10",
              "versionType": "semver"
            },
            {
              "lessThan": "3.6.6",
              "status": "affected",
              "version": "3.6.5",
              "versionType": "semver"
            },
            {
              "lessThan": "4.0.7",
              "status": "affected",
              "version": "4.0.6",
              "versionType": "semver"
            },
            {
              "lessThan": "4.1.1",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "MAUGIN Thomas https://github.com/Thom-x, Qlik"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue."
            }
          ],
          "value": "Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted.\n\nUsers are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T14:26:44.758Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/vo5qv02mvv5plmb6z2xf1ktjmrpv3jmn"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache CXF: Denial of Service and sensitive data exposure in logs",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-48795",
    "datePublished": "2025-07-15T14:26:44.758Z",
    "dateReserved": "2025-05-26T08:49:17.479Z",
    "dateUpdated": "2025-07-15T20:44:33.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48734 (GCVE-0-2025-48734)

Vulnerability from cvelistv5

Published

2025-05-28 13:32

Modified

2025-05-29 03:55

Severity ?

CWE

CWE-284 - Improper Access Control

Summary

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default. Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty(). Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests. This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue. Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.

References

URL

Tags

https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9

vendor-advisory

Impacted products

Vendor

Product

Version

Apache Software Foundation

Apache Commons BeanUtils 1.x

Version: 1.0

Apache Software Foundation

Apache Commons BeanUtils 2.x

Version: 2.0.0-M1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48734",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-28T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-29T03:55:47.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-28T18:03:42.763Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/05/28/6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "commons-beanutils:commons-beanutils",
          "product": "Apache Commons BeanUtils 1.x",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "1.11.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "maven"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.commons:commons-beanutils2",
          "product": "Apache Commons BeanUtils 2.x",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.0.0-M2",
              "status": "affected",
              "version": "2.0.0-M1",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Raj (mailto:denesh.raj@zohocorp.com)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Muthukumar Marikani (mailto:muthukumar.marikani@zohocorp.com)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Access Control vulnerability in Apache Commons.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003eReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\u2019s class loader via the \u201cdeclaredClass\u201d property available on all Java \u201cenum\u201d objects. Accessing the enum\u2019s \u201cdeclaredClass\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\u003cbr\u003eStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \u201cdeclaredClass\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\u003cp\u003e\u003c/p\u003eThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.\u003cp\u003eUsers of the artifact commons-beanutils:commons-beanutils\n\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\u003c/p\u003e\u003cp\u003e\nUsers of the artifact org.apache.commons:commons-beanutils2\n\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Improper Access Control vulnerability in Apache Commons.\n\n\n\nA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\n\n\n\n\n\nReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\u2019s class loader via the \u201cdeclaredClass\u201d property available on all Java \u201cenum\u201d objects. Accessing the enum\u2019s \u201cdeclaredClass\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\nStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \u201cdeclaredClass\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\n\nThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils\n\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\n\n\nUsers of the artifact org.apache.commons:commons-beanutils2\n\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T13:32:08.300Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-48734",
    "datePublished": "2025-05-28T13:32:08.300Z",
    "dateReserved": "2025-05-23T12:30:32.006Z",
    "dateUpdated": "2025-05-29T03:55:47.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15250 (GCVE-0-2020-15250)

Vulnerability from cvelistv5

Published

2020-10-12 17:55

Modified

2024-08-04 13:08

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Summary

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.

References

URL

Tags

	https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp	x_refsource_CONFIRM
	https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae	x_refsource_MISC
	https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md	x_refsource_MISC
	https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html	x_refsource_MISC
	https://lists.apache.org/thread.html/r5f8841507576f595bb783ccec6a7cb285ea90d4e6f5043eae0e61a41%40%3Cdev.creadur.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rbaec90e699bc7c7bd9a053f76707a36fda48b6d558f31dc79147dbf9%40%3Cdev.creadur.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r717877028482c55acf604d7a0106af4ca05da4208c708fb157b53672%40%3Ccommits.creadur.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rb2771949c676ca984e58a5cd5ca79c2634dee1945e0406e48e0f8457%40%3Cdev.creadur.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rde385b8b53ed046600ef68dd6b4528dea7566aaddb02c3e702cc28bc%40%3Ccommits.creadur.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rc49cf1547ef6cac1be4b3c92339b2cae0acacf5acaba13cfa429a872%40%3Cdev.creadur.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r500517c23200fb2fdb0b82770a62dd6c88b3521cfb01cfd0c76e3f8b%40%3Cdev.creadur.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r95f8ef60c4b3a5284b647bb3132cda08e6fadad888a66b84f49da0b0%40%3Ccommits.creadur.apache.org%3E	mailing-list, x_refsource_MLIST
	https://github.com/junit-team/junit4/issues/1676	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020/11/msg00003.html	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/ra1bdb9efae84794e8ffa2f8474be8290ba57830eefe9714b95da714b%40%3Cdev.pdfbox.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381%40%3Ccommits.turbine.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/raebf13f53cd5d23d990712e3d11c80da9a7bae94a6284050f148ed99%40%3Ccommits.pulsar.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r01110833b63616ddbef59ae4e10c0fbd0060f0a51206defd4cb4d917%40%3Ccommits.pulsar.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rde8e70b95c992378e8570e4df400c6008a9839eabdfb8f800a3e5af6%40%3Ccommits.pulsar.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rdef7d1380c86e7c0edf8a0f89a2a8db86fce5e363457d56b722691b4%40%3Ccommits.pulsar.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rdbdd30510a7c4d0908fd22075c02b75bbc2e0d977ec22249ef3133cb%40%3Ccommits.pulsar.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rea812d8612fdc46842a2a57248cad4b01ddfdb1e9b037c49e68fdbfb%40%3Ccommits.pulsar.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rf797d119cc3f51a8d7c3c5cbe50cb4524c8487282b986edde83a9467%40%3Ccommits.pulsar.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/reb700e60b9642eafa4b7922bfee80796394135aa09c7a239ef9f7486%40%3Ccommits.pulsar.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rf2ec93f4ca9a97d1958eb4a31b1830f723419ce9bf2018a6e5741d5b%40%3Ccommits.pulsar.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r30f502d2f79e8d635361adb8108dcbb73095163fcbd776ee7984a094%40%3Ccommits.creadur.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r925eaae7dd8f77dd61eefc49c1fcf54bd9ecfe605486870d7b1e9390%40%3Cpluto-dev.portals.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r29d703d1986d9b871466ff24082a1828ac8ad27bb0965a93a383872e%40%3Cpluto-scm.portals.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r09cfbb5aedd76023691bbce9ca4ce2e16bb07dd37554a17efc19935d%40%3Cpluto-dev.portals.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r2b78f23bc2711a76a7fc73ad67b7fcd6817c5cfccefd6f30a4f54943%40%3Cdev.knox.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rf6e5d894d4b03bef537c9d6641272e0197c047c0d1982b4e176d0353%40%3Cdev.knox.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r687f489b10b0d14e46f626aa88476545e1a2600b24c4ebd3c0d2a10b%40%3Cdev.knox.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r934208a520b38f5cf0cae199b6b076bfe7d081809528b0eff2459e40%40%3Cdev.knox.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r8b02dc6f18df11ff39eedb3038f1e31e6f90a779b1959bae65107279%40%3Cdev.knox.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9710067c7096b83cb6ae8f53a2f6f94e9c042d1bf1d6929f8f2a2b7a%40%3Ccommits.knox.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r1209986f79359b518d09513ff05a88e5b3c398540e775edea76a4774%40%3Cdev.knox.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r742b44fd75215fc75963b8ecc22b2e4372e68d67d3d859d2b5e8743f%40%3Cdev.knox.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rb2ffe2993f4dccc48d832e1a0f1c419477781b6ea16e725ca2276dbb%40%3Cdev.knox.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	junit-team	junit4	Version: < 4.13.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:23.218Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html"
          },
          {
            "name": "[creadur-dev] 20201013 [jira] [Created] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5f8841507576f595bb783ccec6a7cb285ea90d4e6f5043eae0e61a41%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20201014 [jira] [Commented] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbaec90e699bc7c7bd9a053f76707a36fda48b6d558f31dc79147dbf9%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-commits] 20201014 [creadur-whisker] branch master updated: Update junit to fix CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r717877028482c55acf604d7a0106af4ca05da4208c708fb157b53672%40%3Ccommits.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20201014 [jira] [Assigned] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb2771949c676ca984e58a5cd5ca79c2634dee1945e0406e48e0f8457%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-commits] 20201014 [creadur-tentacles] branch master updated: Update junit to fix CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rde385b8b53ed046600ef68dd6b4528dea7566aaddb02c3e702cc28bc%40%3Ccommits.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20201014 [jira] [Updated] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc49cf1547ef6cac1be4b3c92339b2cae0acacf5acaba13cfa429a872%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20201014 [jira] [Closed] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r500517c23200fb2fdb0b82770a62dd6c88b3521cfb01cfd0c76e3f8b%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-commits] 20201014 [creadur-rat] 01/02: RAT-277: Update junit to fix CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r95f8ef60c4b3a5284b647bb3132cda08e6fadad888a66b84f49da0b0%40%3Ccommits.creadur.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/junit-team/junit4/issues/1676"
          },
          {
            "name": "[debian-lts-announce] 20201101 [SECURITY] [DLA 2426-1] junit4 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00003.html"
          },
          {
            "name": "[pdfbox-dev] 20201115 ossindex-maven-plugin and build issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra1bdb9efae84794e8ffa2f8474be8290ba57830eefe9714b95da714b%40%3Cdev.pdfbox.apache.org%3E"
          },
          {
            "name": "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381%40%3Ccommits.turbine.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/raebf13f53cd5d23d990712e3d11c80da9a7bae94a6284050f148ed99%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210413 [GitHub] [pulsar] lhotari removed a comment on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r01110833b63616ddbef59ae4e10c0fbd0060f0a51206defd4cb4d917%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210413 [GitHub] [pulsar] lhotari commented on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rde8e70b95c992378e8570e4df400c6008a9839eabdfb8f800a3e5af6%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210414 [GitHub] [pulsar] lhotari commented on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdef7d1380c86e7c0edf8a0f89a2a8db86fce5e363457d56b722691b4%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210414 [GitHub] [pulsar] lhotari removed a comment on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdbdd30510a7c4d0908fd22075c02b75bbc2e0d977ec22249ef3133cb%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210415 [GitHub] [pulsar] lhotari removed a comment on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rea812d8612fdc46842a2a57248cad4b01ddfdb1e9b037c49e68fdbfb%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210415 [GitHub] [pulsar] lhotari commented on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf797d119cc3f51a8d7c3c5cbe50cb4524c8487282b986edde83a9467%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210415 [GitHub] [pulsar] eolivelli merged pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/reb700e60b9642eafa4b7922bfee80796394135aa09c7a239ef9f7486%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210415 [pulsar] branch master updated: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak (#10147)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf2ec93f4ca9a97d1958eb4a31b1830f723419ce9bf2018a6e5741d5b%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[creadur-commits] 20210621 [creadur-rat] 02/13: RAT-277: Update junit to fix CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r30f502d2f79e8d635361adb8108dcbb73095163fcbd776ee7984a094%40%3Ccommits.creadur.apache.org%3E"
          },
          {
            "name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-790) Upgrade to JUnit 4.13.1 due to CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r925eaae7dd8f77dd61eefc49c1fcf54bd9ecfe605486870d7b1e9390%40%3Cpluto-dev.portals.apache.org%3E"
          },
          {
            "name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-790 Upgrade to JUnit 4.13.1 due to CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r29d703d1986d9b871466ff24082a1828ac8ad27bb0965a93a383872e%40%3Cpluto-scm.portals.apache.org%3E"
          },
          {
            "name": "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-790) Upgrade to JUnit 4.13.1 due to CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r09cfbb5aedd76023691bbce9ca4ce2e16bb07dd37554a17efc19935d%40%3Cpluto-dev.portals.apache.org%3E"
          },
          {
            "name": "[knox-dev] 20211004 [jira] [Created] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2b78f23bc2711a76a7fc73ad67b7fcd6817c5cfccefd6f30a4f54943%40%3Cdev.knox.apache.org%3E"
          },
          {
            "name": "[knox-dev] 20211004 [GitHub] [knox] zeroflag opened a new pull request #505: KNOX-2674 - Upgrade junit to 4.13.2 due to CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6e5d894d4b03bef537c9d6641272e0197c047c0d1982b4e176d0353%40%3Cdev.knox.apache.org%3E"
          },
          {
            "name": "[knox-dev] 20211004 [jira] [Work logged] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r687f489b10b0d14e46f626aa88476545e1a2600b24c4ebd3c0d2a10b%40%3Cdev.knox.apache.org%3E"
          },
          {
            "name": "[knox-dev] 20211004 [GitHub] [knox] zeroflag commented on pull request #505: KNOX-2674 - Upgrade junit to 4.13.2 due to CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r934208a520b38f5cf0cae199b6b076bfe7d081809528b0eff2459e40%40%3Cdev.knox.apache.org%3E"
          },
          {
            "name": "[knox-dev] 20211008 [jira] [Commented] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8b02dc6f18df11ff39eedb3038f1e31e6f90a779b1959bae65107279%40%3Cdev.knox.apache.org%3E"
          },
          {
            "name": "[knox-commits] 20211008 [knox] branch master updated: KNOX-2674 - Upgrade junit to 4.13.2 due to CVE-2020-15250 (#505)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9710067c7096b83cb6ae8f53a2f6f94e9c042d1bf1d6929f8f2a2b7a%40%3Ccommits.knox.apache.org%3E"
          },
          {
            "name": "[knox-dev] 20211008 [jira] [Resolved] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1209986f79359b518d09513ff05a88e5b3c398540e775edea76a4774%40%3Cdev.knox.apache.org%3E"
          },
          {
            "name": "[knox-dev] 20211008 [jira] [Work logged] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r742b44fd75215fc75963b8ecc22b2e4372e68d67d3d859d2b5e8743f%40%3Cdev.knox.apache.org%3E"
          },
          {
            "name": "[knox-dev] 20211008 [GitHub] [knox] smolnar82 merged pull request #505: KNOX-2674 - Upgrade junit to 4.13.2 due to CVE-2020-15250",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb2ffe2993f4dccc48d832e1a0f1c419477781b6ea16e725ca2276dbb%40%3Cdev.knox.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "junit4",
          "vendor": "junit-team",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.13.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system\u0027s temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:21:38",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html"
        },
        {
          "name": "[creadur-dev] 20201013 [jira] [Created] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5f8841507576f595bb783ccec6a7cb285ea90d4e6f5043eae0e61a41%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-dev] 20201014 [jira] [Commented] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbaec90e699bc7c7bd9a053f76707a36fda48b6d558f31dc79147dbf9%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-commits] 20201014 [creadur-whisker] branch master updated: Update junit to fix CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r717877028482c55acf604d7a0106af4ca05da4208c708fb157b53672%40%3Ccommits.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-dev] 20201014 [jira] [Assigned] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb2771949c676ca984e58a5cd5ca79c2634dee1945e0406e48e0f8457%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-commits] 20201014 [creadur-tentacles] branch master updated: Update junit to fix CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rde385b8b53ed046600ef68dd6b4528dea7566aaddb02c3e702cc28bc%40%3Ccommits.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-dev] 20201014 [jira] [Updated] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc49cf1547ef6cac1be4b3c92339b2cae0acacf5acaba13cfa429a872%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-dev] 20201014 [jira] [Closed] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r500517c23200fb2fdb0b82770a62dd6c88b3521cfb01cfd0c76e3f8b%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-commits] 20201014 [creadur-rat] 01/02: RAT-277: Update junit to fix CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r95f8ef60c4b3a5284b647bb3132cda08e6fadad888a66b84f49da0b0%40%3Ccommits.creadur.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/junit-team/junit4/issues/1676"
        },
        {
          "name": "[debian-lts-announce] 20201101 [SECURITY] [DLA 2426-1] junit4 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00003.html"
        },
        {
          "name": "[pdfbox-dev] 20201115 ossindex-maven-plugin and build issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra1bdb9efae84794e8ffa2f8474be8290ba57830eefe9714b95da714b%40%3Cdev.pdfbox.apache.org%3E"
        },
        {
          "name": "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381%40%3Ccommits.turbine.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/raebf13f53cd5d23d990712e3d11c80da9a7bae94a6284050f148ed99%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210413 [GitHub] [pulsar] lhotari removed a comment on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r01110833b63616ddbef59ae4e10c0fbd0060f0a51206defd4cb4d917%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210413 [GitHub] [pulsar] lhotari commented on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rde8e70b95c992378e8570e4df400c6008a9839eabdfb8f800a3e5af6%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210414 [GitHub] [pulsar] lhotari commented on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdef7d1380c86e7c0edf8a0f89a2a8db86fce5e363457d56b722691b4%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210414 [GitHub] [pulsar] lhotari removed a comment on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdbdd30510a7c4d0908fd22075c02b75bbc2e0d977ec22249ef3133cb%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210415 [GitHub] [pulsar] lhotari removed a comment on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rea812d8612fdc46842a2a57248cad4b01ddfdb1e9b037c49e68fdbfb%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210415 [GitHub] [pulsar] lhotari commented on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf797d119cc3f51a8d7c3c5cbe50cb4524c8487282b986edde83a9467%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210415 [GitHub] [pulsar] eolivelli merged pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/reb700e60b9642eafa4b7922bfee80796394135aa09c7a239ef9f7486%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210415 [pulsar] branch master updated: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak (#10147)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf2ec93f4ca9a97d1958eb4a31b1830f723419ce9bf2018a6e5741d5b%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[creadur-commits] 20210621 [creadur-rat] 02/13: RAT-277: Update junit to fix CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r30f502d2f79e8d635361adb8108dcbb73095163fcbd776ee7984a094%40%3Ccommits.creadur.apache.org%3E"
        },
        {
          "name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-790) Upgrade to JUnit 4.13.1 due to CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r925eaae7dd8f77dd61eefc49c1fcf54bd9ecfe605486870d7b1e9390%40%3Cpluto-dev.portals.apache.org%3E"
        },
        {
          "name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-790 Upgrade to JUnit 4.13.1 due to CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r29d703d1986d9b871466ff24082a1828ac8ad27bb0965a93a383872e%40%3Cpluto-scm.portals.apache.org%3E"
        },
        {
          "name": "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-790) Upgrade to JUnit 4.13.1 due to CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r09cfbb5aedd76023691bbce9ca4ce2e16bb07dd37554a17efc19935d%40%3Cpluto-dev.portals.apache.org%3E"
        },
        {
          "name": "[knox-dev] 20211004 [jira] [Created] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2b78f23bc2711a76a7fc73ad67b7fcd6817c5cfccefd6f30a4f54943%40%3Cdev.knox.apache.org%3E"
        },
        {
          "name": "[knox-dev] 20211004 [GitHub] [knox] zeroflag opened a new pull request #505: KNOX-2674 - Upgrade junit to 4.13.2 due to CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6e5d894d4b03bef537c9d6641272e0197c047c0d1982b4e176d0353%40%3Cdev.knox.apache.org%3E"
        },
        {
          "name": "[knox-dev] 20211004 [jira] [Work logged] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r687f489b10b0d14e46f626aa88476545e1a2600b24c4ebd3c0d2a10b%40%3Cdev.knox.apache.org%3E"
        },
        {
          "name": "[knox-dev] 20211004 [GitHub] [knox] zeroflag commented on pull request #505: KNOX-2674 - Upgrade junit to 4.13.2 due to CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r934208a520b38f5cf0cae199b6b076bfe7d081809528b0eff2459e40%40%3Cdev.knox.apache.org%3E"
        },
        {
          "name": "[knox-dev] 20211008 [jira] [Commented] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8b02dc6f18df11ff39eedb3038f1e31e6f90a779b1959bae65107279%40%3Cdev.knox.apache.org%3E"
        },
        {
          "name": "[knox-commits] 20211008 [knox] branch master updated: KNOX-2674 - Upgrade junit to 4.13.2 due to CVE-2020-15250 (#505)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9710067c7096b83cb6ae8f53a2f6f94e9c042d1bf1d6929f8f2a2b7a%40%3Ccommits.knox.apache.org%3E"
        },
        {
          "name": "[knox-dev] 20211008 [jira] [Resolved] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1209986f79359b518d09513ff05a88e5b3c398540e775edea76a4774%40%3Cdev.knox.apache.org%3E"
        },
        {
          "name": "[knox-dev] 20211008 [jira] [Work logged] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r742b44fd75215fc75963b8ecc22b2e4372e68d67d3d859d2b5e8743f%40%3Cdev.knox.apache.org%3E"
        },
        {
          "name": "[knox-dev] 20211008 [GitHub] [knox] smolnar82 merged pull request #505: KNOX-2674 - Upgrade junit to 4.13.2 due to CVE-2020-15250",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb2ffe2993f4dccc48d832e1a0f1c419477781b6ea16e725ca2276dbb%40%3Cdev.knox.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "source": {
        "advisory": "GHSA-269g-pwp5-87pp",
        "discovery": "UNKNOWN"
      },
      "title": "Information disclosure in JUnit4",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15250",
          "STATE": "PUBLIC",
          "TITLE": "Information disclosure in JUnit4"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "junit4",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 4.13.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "junit-team"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system\u0027s temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp",
              "refsource": "CONFIRM",
              "url": "https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp"
            },
            {
              "name": "https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae",
              "refsource": "MISC",
              "url": "https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae"
            },
            {
              "name": "https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md",
              "refsource": "MISC",
              "url": "https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md"
            },
            {
              "name": "https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html",
              "refsource": "MISC",
              "url": "https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html"
            },
            {
              "name": "[creadur-dev] 20201013 [jira] [Created] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5f8841507576f595bb783ccec6a7cb285ea90d4e6f5043eae0e61a41@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20201014 [jira] [Commented] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbaec90e699bc7c7bd9a053f76707a36fda48b6d558f31dc79147dbf9@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-commits] 20201014 [creadur-whisker] branch master updated: Update junit to fix CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r717877028482c55acf604d7a0106af4ca05da4208c708fb157b53672@%3Ccommits.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20201014 [jira] [Assigned] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb2771949c676ca984e58a5cd5ca79c2634dee1945e0406e48e0f8457@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-commits] 20201014 [creadur-tentacles] branch master updated: Update junit to fix CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rde385b8b53ed046600ef68dd6b4528dea7566aaddb02c3e702cc28bc@%3Ccommits.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20201014 [jira] [Updated] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc49cf1547ef6cac1be4b3c92339b2cae0acacf5acaba13cfa429a872@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20201014 [jira] [Closed] (RAT-277) Update junit in all Creadur projects in order to fix CVE-2020-15250 (Low severity)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r500517c23200fb2fdb0b82770a62dd6c88b3521cfb01cfd0c76e3f8b@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-commits] 20201014 [creadur-rat] 01/02: RAT-277: Update junit to fix CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r95f8ef60c4b3a5284b647bb3132cda08e6fadad888a66b84f49da0b0@%3Ccommits.creadur.apache.org%3E"
            },
            {
              "name": "https://github.com/junit-team/junit4/issues/1676",
              "refsource": "MISC",
              "url": "https://github.com/junit-team/junit4/issues/1676"
            },
            {
              "name": "[debian-lts-announce] 20201101 [SECURITY] [DLA 2426-1] junit4 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00003.html"
            },
            {
              "name": "[pdfbox-dev] 20201115 ossindex-maven-plugin and build issue",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra1bdb9efae84794e8ffa2f8474be8290ba57830eefe9714b95da714b@%3Cdev.pdfbox.apache.org%3E"
            },
            {
              "name": "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381@%3Ccommits.turbine.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/raebf13f53cd5d23d990712e3d11c80da9a7bae94a6284050f148ed99@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210413 [GitHub] [pulsar] lhotari removed a comment on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r01110833b63616ddbef59ae4e10c0fbd0060f0a51206defd4cb4d917@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210413 [GitHub] [pulsar] lhotari commented on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rde8e70b95c992378e8570e4df400c6008a9839eabdfb8f800a3e5af6@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210414 [GitHub] [pulsar] lhotari commented on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdef7d1380c86e7c0edf8a0f89a2a8db86fce5e363457d56b722691b4@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210414 [GitHub] [pulsar] lhotari removed a comment on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdbdd30510a7c4d0908fd22075c02b75bbc2e0d977ec22249ef3133cb@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210415 [GitHub] [pulsar] lhotari removed a comment on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rea812d8612fdc46842a2a57248cad4b01ddfdb1e9b037c49e68fdbfb@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210415 [GitHub] [pulsar] lhotari commented on pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf797d119cc3f51a8d7c3c5cbe50cb4524c8487282b986edde83a9467@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210415 [GitHub] [pulsar] eolivelli merged pull request #10147: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/reb700e60b9642eafa4b7922bfee80796394135aa09c7a239ef9f7486@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210415 [pulsar] branch master updated: [Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak (#10147)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf2ec93f4ca9a97d1958eb4a31b1830f723419ce9bf2018a6e5741d5b@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[creadur-commits] 20210621 [creadur-rat] 02/13: RAT-277: Update junit to fix CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r30f502d2f79e8d635361adb8108dcbb73095163fcbd776ee7984a094@%3Ccommits.creadur.apache.org%3E"
            },
            {
              "name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-790) Upgrade to JUnit 4.13.1 due to CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r925eaae7dd8f77dd61eefc49c1fcf54bd9ecfe605486870d7b1e9390@%3Cpluto-dev.portals.apache.org%3E"
            },
            {
              "name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-790 Upgrade to JUnit 4.13.1 due to CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r29d703d1986d9b871466ff24082a1828ac8ad27bb0965a93a383872e@%3Cpluto-scm.portals.apache.org%3E"
            },
            {
              "name": "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-790) Upgrade to JUnit 4.13.1 due to CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r09cfbb5aedd76023691bbce9ca4ce2e16bb07dd37554a17efc19935d@%3Cpluto-dev.portals.apache.org%3E"
            },
            {
              "name": "[knox-dev] 20211004 [jira] [Created] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2b78f23bc2711a76a7fc73ad67b7fcd6817c5cfccefd6f30a4f54943@%3Cdev.knox.apache.org%3E"
            },
            {
              "name": "[knox-dev] 20211004 [GitHub] [knox] zeroflag opened a new pull request #505: KNOX-2674 - Upgrade junit to 4.13.2 due to CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf6e5d894d4b03bef537c9d6641272e0197c047c0d1982b4e176d0353@%3Cdev.knox.apache.org%3E"
            },
            {
              "name": "[knox-dev] 20211004 [jira] [Work logged] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r687f489b10b0d14e46f626aa88476545e1a2600b24c4ebd3c0d2a10b@%3Cdev.knox.apache.org%3E"
            },
            {
              "name": "[knox-dev] 20211004 [GitHub] [knox] zeroflag commented on pull request #505: KNOX-2674 - Upgrade junit to 4.13.2 due to CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r934208a520b38f5cf0cae199b6b076bfe7d081809528b0eff2459e40@%3Cdev.knox.apache.org%3E"
            },
            {
              "name": "[knox-dev] 20211008 [jira] [Commented] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8b02dc6f18df11ff39eedb3038f1e31e6f90a779b1959bae65107279@%3Cdev.knox.apache.org%3E"
            },
            {
              "name": "[knox-commits] 20211008 [knox] branch master updated: KNOX-2674 - Upgrade junit to 4.13.2 due to CVE-2020-15250 (#505)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9710067c7096b83cb6ae8f53a2f6f94e9c042d1bf1d6929f8f2a2b7a@%3Ccommits.knox.apache.org%3E"
            },
            {
              "name": "[knox-dev] 20211008 [jira] [Resolved] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1209986f79359b518d09513ff05a88e5b3c398540e775edea76a4774@%3Cdev.knox.apache.org%3E"
            },
            {
              "name": "[knox-dev] 20211008 [jira] [Work logged] (KNOX-2674) Upgrade junit to 4.13.2 due to CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r742b44fd75215fc75963b8ecc22b2e4372e68d67d3d859d2b5e8743f@%3Cdev.knox.apache.org%3E"
            },
            {
              "name": "[knox-dev] 20211008 [GitHub] [knox] smolnar82 merged pull request #505: KNOX-2674 - Upgrade junit to 4.13.2 due to CVE-2020-15250",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb2ffe2993f4dccc48d832e1a0f1c419477781b6ea16e725ca2276dbb@%3Cdev.knox.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-269g-pwp5-87pp",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15250",
    "datePublished": "2020-10-12T17:55:13",
    "dateReserved": "2020-06-25T00:00:00",
    "dateUpdated": "2024-08-04T13:08:23.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

ncsc-2025-0334

Vulnerability from csaf_ncscnl

CVE-2024-48014 (GCVE-0-2024-48014)

Vulnerability from cvelistv5

CVE-2024-41909 (GCVE-0-2024-41909)

Vulnerability from cvelistv5

CVE-2025-8916 (GCVE-0-2025-8916)

Vulnerability from cvelistv5

CVE-2023-45853 (GCVE-0-2023-45853)

Vulnerability from cvelistv5

CVE-2025-27533 (GCVE-0-2025-27533)

Vulnerability from cvelistv5

CVE-2025-27817 (GCVE-0-2025-27817)

Vulnerability from cvelistv5

CVE-2025-48976 (GCVE-0-2025-48976)

Vulnerability from cvelistv5

CVE-2025-61752 (GCVE-0-2025-61752)

Vulnerability from cvelistv5

CVE-2025-55163 (GCVE-0-2025-55163)

Vulnerability from cvelistv5

CVE-2025-53816 (GCVE-0-2025-53816)

Vulnerability from cvelistv5

CVE-2025-61757 (GCVE-0-2025-61757)

Vulnerability from cvelistv5

CVE-2025-48924 (GCVE-0-2025-48924)

Vulnerability from cvelistv5

CVE-2025-61764 (GCVE-0-2025-61764)

Vulnerability from cvelistv5

CVE-2025-48795 (GCVE-0-2025-48795)

Vulnerability from cvelistv5

CVE-2025-48734 (GCVE-0-2025-48734)

Vulnerability from cvelistv5

CVE-2020-15250 (GCVE-0-2020-15250)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature