CVE-2022-27772: Exposure of Resource to Wrong Sphere

March 30, 2022 (updated April 5, 2022)

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.

References

github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85
nvd.nist.gov/vuln/detail/CVE-2022-27772

Detect and mitigate CVE-2022-27772 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →