Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pivotal Spring Boot 安全漏洞
Vulnerability Description
Pivotal Spring Boot是美国Pivotal Software公司的一个用来简化新Spring应用的初始搭建以及开发过程的全新框架。 Pivotal Spring Boot 1.5.0版本至1.5.9版本和2.0.0.M1版本至2.0.0.M7版本中存在安全漏洞。攻击者可利用该漏洞实施符号链接攻击,覆盖并获取同一系统上任意文件的所有权。
CVSS Information
N/A
Vulnerability Type
N/A