Back to Advisories
🔔 CVE Advisory

CVE-2021-22118

Spring Framework

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Year 2021
Published July 30, 2021

Advisory Information

Affected Product Spring Framework
Title CVE-2021-22118
Description

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Year 2021
Published Date July 30, 2021
View Full CVE Advisory

Affected Vendors

V
VMWare

Research Team

TP
Trung Pham