漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
N/A
Vulnerability Title
VMware Spring Security 安全漏洞
Vulnerability Description
VMware Spring Security是美国威睿(VMware)公司的一套为基于Spring的应用程序提供说明性安全保护的安全框架。 Spring Security 6.1.1 到 6.1.3、6.0.4 到 6.0.6、5.8.4 到 5.8.6、5.7.9 到 5.7.10版本存在安全漏洞,该漏洞源于spring到security.xsd 文件在spring到security到config jar 是全局可写的,任何有权访问文件系统的人都可以编写它。
CVSS Information
N/A
Vulnerability Type
N/A