CVE-2024-22236

N/A

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

N/A

Spring Cloud 安全漏洞

Spring Cloud是美国Spring团队的一款基于 Spring Boot 实现的微服务框架。 Spring Cloud Contract 4.1.1 之前、4.0.5 之前、3.1.10 之前版本存在安全漏洞，该漏洞源于通过使用不安全权限创建的临时目录可能泄露本地信息。

N/A

N/A