CVE-2022-27772 in Pivotal Software and VMware Products
Published on March 30, 2022
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer
Products Associated with CVE-2022-27772
stack.watch emails you whenever new vulnerabilities are published in Pivotal Software Spring Boot or VMware Spring Boot. Just hit a watch button to start following.
Vulnerable Packages
The following package name and versions may be associated with CVE-2022-27772
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| maven | org.springframework.boot:spring-boot | <= 2.2.10.RELEASE | 2.2.11.RELEASE |
Exploit Probability
EPSS
0.81%
Percentile
74.01%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.