CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vmware: >> Spring Cloud Contract >> 4.0.4 Security Vulnerabilities

CVE-2024-22236

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.

CVSS Score

3.3

EPSS Score

0.001

Published

2024-01-31

Page 1

Vulnerabilities

Vulnerable Software

Vmware: >> Spring Cloud Contract >> 4.0.4 Security Vulnerabilities

Products

Pricing

Contact Us