CVE-2013-2035: Predictable temporary file name leading to local arbitrary code execution

August 28, 2013 (updated January 17, 2015)

When a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.

References

bugzilla.redhat.com/CVE-2013-2035

Detect and mitigate CVE-2013-2035 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →