Home > Vulnerability Database > CVE-2024-22236

Mend.io Vulnerability Database

CVE-2024-22236

Good to know:

Date: January 31, 2024

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.

Language: Java

Severity Score

3.3

Related Resources (4)

Url: https://spring.io/security/cve-2024-22236

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-22236

Url: https://github.com/spring-cloud/spring-cloud-contract

Url: https://www.mend.io/vulnerability-database/CVE-2024-22236

Severity Score

3.3

Weakness Type (CWE)

Incorrect Permission Assignment for Critical Resource

CWE-732

Top Fix

Upgrade Version

Upgrade to version org.springframework.cloud:spring-cloud-contract-shade:3.1.10,4.0.5,4.1.1

Learn More

CVSS v3.1

Base Score:	3.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-22236

Good to know:

Date: January 31, 2024

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?