CVE-2013-2035
Improper Control of Generation of Code in HawtJNI
EPSS 0.04%
描述
Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.
如何修補 CVE-2013-2035
要修補 CVE-2013-2035,請將受影響套件升級到下列已修補版本。
- Debian/hawtjni—升級至 1.10-1 或更新版本
- Maven/org.fusesource.hawtjni:hawtjni-runtime—升級至 1.8 或更新版本
CVE-2013-2035 正在被利用嗎?
低 — EPSS 為 0.0%,目前沒有觀察到大規模利用活動。
受影響套件(2)
- from 0, < 1.10-1
- from 0, < 1.8