Vulnerability: Temporary Directory Hijacking in Spring Boot (Versions Prior to v2.2.11.RELEASE)

Vulnerability: Temporary Directory Hijacking in Spring Boot (Versions Prior to v2.2.11.RELEASE)

CVE-2022-27772 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer

Learn more about our Web App Pen Testing.