CVE-2013-2035: Predictable temporary file name leading to local arbitrary code execution
When a custom library path is not specified, the affected component allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.
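The weakness described above, shown next to a hardened alternative. This is an added Java example, not code from the affected project or from this advisory; the class name, method names, prefix and file name are hypothetical, and it assumes Java 11+ on a POSIX file system.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class SafeTempExtract {

    // Weak pattern, for contrast: a fixed name in the shared temp directory.
    // Any local user can create or replace this path before it is loaded.
    static Path predictablePath(String name) {
        return Path.of(System.getProperty("java.io.tmpdir"), name + ".jar");
    }

    // Hardened pattern: an unpredictable, owner-only (0700) directory created
    // atomically, then a copy that refuses to write over an existing file.
    static Path extractPrivately(InputStream resource, String prefix) throws IOException {
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rwx------");
        Path dir = Files.createTempDirectory(prefix, PosixFilePermissions.asFileAttribute(ownerOnly));
        Path target = dir.resolve("payload.jar"); // hypothetical file name
        // Without REPLACE_EXISTING, Files.copy throws FileAlreadyExistsException
        // if the target is already present.
        Files.copy(resource, target);
        return target;
    }

    public static void main(String[] args) throws IOException {
        byte[] constructed = {0x50, 0x4b, 0x03, 0x04}; // constructed sample bytes
        System.out.println("predictable: " + predictablePath("demo"));
        Path safe = extractPrivately(new ByteArrayInputStream(constructed), "demo-");
        System.out.println("private:     " + safe);
        System.out.println("dir mode:    "
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(safe.getParent())));
    }
}
```

Because other users cannot list or write inside the owner-only directory, the extracted file cannot be swapped out between the time it is written and the time it is loaded.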