CVE-2020-17534
CVSS v3.1
7 (High)
CVSS v2.0
4.4 (Medium)
EPSS
0.04 % (5th)
Affected Products
1
Advisories
1
There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in webkit
subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API version 1.7.1 follows theirs: To avoid local privilege escalation version 1.7.1 creates the temporary directory atomically without dealing with the temporary file: https://github.com/apache/netbeans-html4j/commit/fa70e507e5555e1adb4f6518479fc408a7abd0e6
Weaknesses
- CWE-362
- Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CVE Status
- PUBLISHED
- CNA
- Apache Software Foundation
- Published Date
-
2021-01-11 16:15:14
(3 years ago) - Updated Date
-
2021-01-20 15:57:23
(3 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...