CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-21230

This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to be viewed by all users on the host machine. **Workaround:** Manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user can fix this issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 15.4%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 2.1

References

Products affected by CVE-2022-21230

Nanohttpd » Nanohttpd » Version: N/A

cpe:2.3:a:nanohttpd:nanohttpd:-
Nanohttpd » Nanohttpd » Version: 1.25

cpe:2.3:a:nanohttpd:nanohttpd:1.25
Nanohttpd » Nanohttpd » Version: 1.26

cpe:2.3:a:nanohttpd:nanohttpd:1.26
Nanohttpd » Nanohttpd » Version: 1.27

cpe:2.3:a:nanohttpd:nanohttpd:1.27
Nanohttpd » Nanohttpd » Version: 1.28

cpe:2.3:a:nanohttpd:nanohttpd:1.28
Nanohttpd » Nanohttpd » Version: 2.0.0

cpe:2.3:a:nanohttpd:nanohttpd:2.0.0
Nanohttpd » Nanohttpd » Version: 2.0.2

cpe:2.3:a:nanohttpd:nanohttpd:2.0.2
Nanohttpd » Nanohttpd » Version: 2.0.3

cpe:2.3:a:nanohttpd:nanohttpd:2.0.3
Nanohttpd » Nanohttpd » Version: 2.0.4

cpe:2.3:a:nanohttpd:nanohttpd:2.0.4
Nanohttpd » Nanohttpd » Version: 2.0.5

cpe:2.3:a:nanohttpd:nanohttpd:2.0.5
Nanohttpd » Nanohttpd » Version: 2.1.0

cpe:2.3:a:nanohttpd:nanohttpd:2.1.0
Nanohttpd » Nanohttpd » Version: 2.2.0

cpe:2.3:a:nanohttpd:nanohttpd:2.2.0
Nanohttpd » Nanohttpd » Version: 2.3.0

cpe:2.3:a:nanohttpd:nanohttpd:2.3.0
Nanohttpd » Nanohttpd » Version: 2.3.1

cpe:2.3:a:nanohttpd:nanohttpd:2.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-21230

Products

Pricing

Contact Us