CVE-2022-43484: Improper Input Validation

December 5, 2022

TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 is vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability. The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application.

References

terasolunaorg.github.io/vulnerability/cve-2022-43484.html
github.com/advisories/GHSA-q5j9-f95w-f4pr
jvn.jp/en/jp/JVN54728399/index.html
nvd.nist.gov/vuln/detail/CVE-2022-43484
osdn.net/projects/terasoluna/wiki/cve-2022-43484

Detect and mitigate CVE-2022-43484 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →