org.springframework.data:spring-data-geode@2.7.6 vulnerabilities
latest version
2.7.18
first published
9 years ago
latest version published
2 years ago
licenses detected
- [1.0.0.APACHE-GEODE-INCUBATING-M2,)
package registry
Direct Vulnerabilities
Known vulnerabilities in the org.springframework.data:spring-data-geode package. This does not include vulnerabilities belonging to this package’s dependencies.
Fix vulnerabilities automatically
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the use of an insecure temporary directory during snapshot import operations. An attacker can access sensitive information by reading files from the temporary directory. How to fix Creation of Temporary File in Directory with Insecure Permissions? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Relative Path Traversal via the import snapshot module that lacks sanitization of zip filenames. An attacker can write arbitrary files to the filesystem by supplying crafted file paths with Note: This issue affects only Windows OS users. How to fix Relative Path Traversal? There is no fixed version for | [0,) |