CVE-2022-24823

Published: 06/05/2022 Updated: 03/12/2022
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 169
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporarily storing uploads on disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OS X and Windows, as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM, or use `DefaultHttpDataFactory.setBaseDir(...)` to set the directory to one that is only readable by the current user.
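The workaround named above, as an added example that is not code from the Netty project: the application creates an owner-only (mode 0700) directory under the user's home, verifies the mode actually took effect, and points `DefaultHttpDataFactory.setBaseDir(...)` at it so that spilled multipart uploads never land in the shared system temporary directory. The directory name `.app-uploads` and the `PrivateUploadDirectory` class are assumptions for illustration; the POSIX permission calls assume a Unix-like platform, which is the case the advisory is concerned with.

```java
// Added illustration (not from the Netty project): keep spilled multipart
// uploads out of the world-shared system temp directory.
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.multipart.DefaultHttpDataFactory;
import io.netty.handler.codec.http.multipart.HttpDataFactory;
import io.netty.handler.codec.http.multipart.HttpPostRequestDecoder;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public final class PrivateUploadDirectory {

    // Hypothetical location; what matters is that it sits under the user's
    // home directory rather than under the shared /tmp.
    private static final Path UPLOAD_DIR =
            Paths.get(System.getProperty("user.home"), ".app-uploads");

    /** Creates the spill directory with mode 0700 and checks the mode was applied. */
    static Path createPrivateDir() throws IOException {
        Files.createDirectories(UPLOAD_DIR);
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rwx------");
        Files.setPosixFilePermissions(UPLOAD_DIR, ownerOnly);

        // Re-read the permissions instead of trusting the call succeeded.
        Set<PosixFilePermission> actual = Files.getPosixFilePermissions(UPLOAD_DIR);
        if (!actual.equals(ownerOnly)) {
            throw new IOException("upload directory " + UPLOAD_DIR
                    + " is not owner-only: " + actual);
        }
        return UPLOAD_DIR;
    }

    /** Factory used by the decoder; bodies larger than MINSIZE are written to disk. */
    static HttpDataFactory diskBackedFactory() throws IOException {
        Path dir = createPrivateDir();
        DefaultHttpDataFactory factory =
                new DefaultHttpDataFactory(DefaultHttpDataFactory.MINSIZE);
        factory.setBaseDir(dir.toString()); // the workaround from the advisory
        return factory;
    }

    /** Wires the private-directory factory into a multipart request decoder. */
    static HttpPostRequestDecoder decoderFor(HttpRequest request) throws IOException {
        return new HttpPostRequestDecoder(diskBackedFactory(), request);
    }
}
```

If the application cannot change how the factory is constructed, the other workaround from the summary applies at launch time instead: start the JVM with `-Djava.io.tmpdir=` pointing at a directory with the same owner-only permissions. Upgrading `netty-codec-http` to 4.1.77.Final or later removes the need for either.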

Vulnerable Products

netty netty

oracle financial services crime and compliance management studio 8.0.8.2.0

oracle financial services crime and compliance management studio 8.0.8.3.0

netapp snapcenter -

netapp oncommand workflow automation -

netapp active iq unified manager -

Vendor Advisories

Debian Bug report logs - #1010693 netty: CVE-2022-24823 Package: src:netty; Maintainer for src:netty is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 7 May 2022 14:57:01 UTC Severity: important Tags: security, upstream Found ...
Synopsis Important: Red Hat Data Grid 8.4.0 security update Type/Severity Security Advisory: Important Topic An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating ...
Synopsis Important: Red Hat AMQ Broker 7.10.1 release and security update Type/Severity Security Advisory: Important Topic Red Hat AMQ Broker 7.10.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: Red Hat AMQ Streams 2.2.0 release and security update Type/Severity Security Advisory: Important Topic Red Hat AMQ Streams 2.2.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Application Platform ...
Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update Type/Severity Security Advisory: Moderate Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring S ...
Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 7 ...
Synopsis Important: Red Hat AMQ Streams 2.4.0 release and security update Type/Severity Security Advisory: Important Topic Red Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis Important: Red Hat Fuse 7.11.1 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 7.11 to 7.11.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this updat ...
CVE-2021-21290 contains an incomplete fix, and CVE-2022-24823 addresses the remaining issue found in netty. When netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled ...

Github Repositories

ondemand-neo4j: On-demand Neo4j is an exploration of Neo4j with deployment to AWS in an active state on demand and a passive state when unused. Mission statement: Be a useful starting point for a low utilisation project using Neo4j and a demonstration platform that wakes up in under a minute. Getting started on Windows: Install Git: ht