CVE-2021-22118
PUBLISHED
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
Risk Scores
EPSS Score: 0.25% (48.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | libspring-java | 0, 3.2.13-4, 3.2.13-5 |
Timeline
- CVE Published: May 28, 2021
- EPSS Score: Jun 8, 2021
- EPSS Score: Jun 19, 2021
- EPSS Score: Jun 24, 2021
- EPSS Score: Jun 28, 2021
- PoC Published: Jul 30, 2021
- EPSS Score: Nov 29, 2021
- EPSS Score: Dec 11, 2021
- PoC Published: Dec 13, 2021
- PoC Published: Dec 18, 2021
- PoC Published: Jan 6, 2022
- EPSS Score
References
- https://ubuntu.com/security/CVE-2021-22118 third-party-advisory
- https://tanzu.vmware.com/security/cve-2021-22118 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-22118 third-party-advisory