CVE-2013-0248: /tmp directory used by default for uploaded files

March 15, 2013 (updated October 19, 2017)

The default configuration of javax.servlet.context.tempdir in this package uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

References

mail-archives.apache.org/mod_mbox/commons-user/201303.mbox/%3C51371C31.8020805@apache.org%3E
bugzilla.redhat.com/CVE-2013-0248

Code Behaviors & Features

Detect and mitigate CVE-2013-0248 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →