Arbitrary Code Injection Affecting org.fusesource.hawtjni:hawtjni-runtime package, versions [,1.8)


0.0
medium
  • Attack Complexity: Low
  • User Interaction: Required

  • snyk-id: SNYK-JAVA-ORGFUSESOURCEHAWTJNI-30093
  • published: 25 Dec 2016
  • disclosed: 28 Aug 2013
  • credit: Unknown

How to fix?

Upgrade org.fusesource.hawtjni:hawtjni-runtime to version 1.8 or higher.

Overview

org.fusesource.hawtjni:hawtjni-runtime is a JNI code generator based on the JNI generator used by the Eclipse SWT project.

Affected versions of this package are vulnerable to Arbitrary Code Injection in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java. When a custom library path is not specified, the package allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.
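
The class of flaw described above, shown as an added example that is not HawtJNI's code: extracting a bundled file to a guessable name in the shared temp directory, beside a hardened form that uses a private, randomly named directory. The class, method, and file names are hypothetical, and a POSIX file system is assumed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.PosixFilePermissions;

// Added illustration; names are hypothetical, not HawtJNI's API.
public class SafeExtract {

    // Weak pattern: the target is a fixed, guessable name in the shared temp
    // directory, so another local user can create or replace that file.
    static Path extractPredictable(InputStream resource, String name) throws IOException {
        Path target = Paths.get(System.getProperty("java.io.tmpdir"), name);
        Files.copy(resource, target, StandardCopyOption.REPLACE_EXISTING);
        return target;
    }

    // Hardened pattern: a directory with a random name, created atomically
    // with owner-only permissions, so no other user can write inside it.
    static Path extractPrivate(InputStream resource, String name) throws IOException {
        if (name.isEmpty() || name.contains("/") || name.contains("\\")) {
            throw new IllegalArgumentException("plain file name required: " + name);
        }
        Path dir = Files.createTempDirectory("extract-",
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------")));
        Path target = dir.resolve(name);
        // No REPLACE_EXISTING: the copy fails if anything already exists there.
        Files.copy(resource, target);
        // Registered files are deleted in reverse order: the file, then the directory.
        dir.toFile().deleteOnExit();
        target.toFile().deleteOnExit();
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample bytes standing in for a bundled library resource.
        byte[] sample = "constructed sample bytes".getBytes();
        Path p = extractPrivate(new ByteArrayInputStream(sample), "libexample.so");
        System.out.println(p + " " + Files.getPosixFilePermissions(p.getParent()));
    }
}
```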