1. Home
  2. Vulnerabilities
  3. CVE-2020-17534

CVE-2020-17534

CVSS v3.1 7 (High)
70% Progress
CVSS v2.0 4.4 (Medium)
44% Progress
EPSS 0.04 % (5th)
0.04% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in webkit subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API version 1.7.1 follows theirs: To avoid local privilege escalation version 1.7.1 creates the temporary directory atomically without dealing with the temporary file: https://github.com/apache/netbeans-html4j/commit/fa70e507e5555e1adb4f6518479fc408a7abd0e6

Weaknesses
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE Status
PUBLISHED
CNA
Apache Software Foundation
Published Date
2021-01-11 16:15:14
(3 years ago)
Updated Date
2021-01-20 15:57:23
(3 years ago)

Affected Products

Apache

Configuration #1

    CPE23 From Up To
  Apache Html/java Api 1.7 cpe:2.3:a:apache:html\%2fjava_api:1.7