GHSA-r7mv-mv7m-pjw3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r7mv-mv7m-pjw3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-r7mv-mv7m-pjw3/GHSA-r7mv-mv7m-pjw3.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-r7mv-mv7m-pjw3
- Aliases
- Published
- 2024-11-04T18:31:23Z
- Modified
- 2024-11-04T23:42:10.583243Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- 8.0 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- hornetq vulnerable to file overwrite, sensitive information disclosure
- Details
-
An issue in the
createTempFilemethod of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information. - Database specific
{ "github_reviewed_at": "2024-11-04T23:23:41Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-200" ], "nvd_published_at": "2024-11-04T18:15:05Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-51127
- https://github.com/JAckLosingHeart/CWE-378/blob/main/CVE-2024-51127.md
- https://github.com/darranl/hornetq
- https://github.com/hornetq/hornetq/blob/HornetQ_2_4_9_Final/hornetq-core-client/src/main/java/org/hornetq/core/client/impl/ClientConsumerImpl.java#L665C35-L665C49
- http://hornetq.com
Affected packages
Maven / org.hornetq:hornetq-core-client
Package
- Name
- org.hornetq:hornetq-core-client
- View open source insights on deps.dev
- Purl
- pkg:maven/org.hornetq/hornetq-core-client
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected2.4.9
Affected versions
Other
snap-r9305
snap-r9306
snap-r9306b
snap-r9310
snap-r9312
snap-r9314
snap-r9333
snap-r9548
2.*
2.0.0.BETA5
2.0.0.CR2
2.0.0.CR3
2.0.0.GA
2.1.0.BETA1
2.1.0.BETA2
2.1.0.BETA3
2.1.0.CR1
2.1.0.Final
2.1.0.r8931
2.1.0.r8936
2.1.0.r8938
2.1.0.r8945
2.1.0.r8956
2.1.0.r9008
2.1.0.r9031
2.1.1.Final
2.1.2.Final
2.2.0.EAP-QA-10136
2.2.0.EAP-QA-10148
2.2.0.EAP-QA-10154
2.2.0.EAP-QA-10162
2.2.0.EAP-QA-10169
2.2.0.EAP-QA-10183
2.2.0.EAP-QA-10185
2.2.0.EAP-QA-10198
2.2.0.EAP-QA-10199
2.2.0.EAP-QA-10222
2.2.0.EAP-QA-10227
2.2.0.EAP-QA-10231
2.2.0.QA1
2.2.0.QA2
2.2.0.QA3
2.2.0.QA4
2.2.0.QA-10035
2.2.0.QA-10039
2.2.0.QA-10041
2.2.0.QA-10090
2.2.0.QA-10111
2.2.0.QA-10117
2.2.0.QA-10129
2.2.1.GA
2.2.1.QA-10278
2.2.1.QA-10280
2.2.1.QA-10291
2.2.1.GA-10354
2.2.1.GA-10362
2.2.2.Final
2.2.5.Final
2.2.6.Final
2.2.7.Final
2.2.9.AS7.Final
2.2.10.Final
2.2.11.Final
2.2.12.Final
2.2.13.Final
2.2.14.Final
2.2.15.Final
2.2.16.Final
2.2.17.Final
2.2.18.Final
2.2.19.Final
2.2.19.Final-build2
2.2.21.Final
2.3.0.Alpha
2.3.0.BETA1
2.3.0.BETA2
2.3.0.BETA3
2.3.0.CR1
2.3.0.CR2
2.3.0.Final
2.3.1.Final
2.3.2.Final
2.3.3.Final
2.3.4.Final
2.3.5.Final
2.3.6.Final
2.3.7.Final
2.3.8.Final
2.3.9.Final
2.3.10.Final
2.3.11.Final
2.3.12.Final
2.3.13.Final
2.3.15.Final
2.3.17.Final
2.3.18.Final
2.3.19.Final
2.3.22.Final
2.3.23.Final
2.3.24.Final
2.3.25.Final
2.4.0.Alpha1
2.4.0.Beta1
2.4.0.Beta2
2.4.0.Beta3
2.4.0.Final
2.4.1.Final
2.4.2.Final
2.4.3.Final
2.4.4.Final
2.4.5.Final
2.4.6.Final
2.4.7.Final
2.4.8.Final
2.4.9.Final