High severityNVD Advisory· Published May 27, 2021· Updated Aug 3, 2024
CVE-2021-22118
CVE-2021-22118
Description
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.springframework:spring-webMaven | >= 5.2.0, < 5.2.15 | 5.2.15 |
org.springframework:spring-webMaven | >= 5.3.0, < 5.3.7 | 5.3.7 |
Affected products
2- Spring/Spring Frameworkdescription
Patches
Vulnerability mechanics
References
14- github.com/advisories/GHSA-gfwj-fwqj-fp3vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-22118ghsaADVISORY
- github.com/spring-projects/spring-framework/commit/0d0d75e25322d8161002d861fff3ec04ba8be5acghsaWEB
- github.com/spring-projects/spring-framework/commit/cce60c479c22101f24b2b4abebb6d79440b120d1ghsaWEB
- github.com/spring-projects/spring-framework/issues/26931ghsaWEB
- security.netapp.com/advisory/ntap-20210713-0005ghsaWEB
- security.netapp.com/advisory/ntap-20210713-0005/mitrex_refsource_CONFIRM
- spring.io/security/cve-2021-22118ghsaWEB
- tanzu.vmware.com/security/cve-2021-22118ghsax_refsource_MISCWEB
- www.oracle.com//security-alerts/cpujul2021.htmlghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpuapr2022.htmlghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpujan2022.htmlghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpujul2022.htmlghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpuoct2021.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.