CVE-2024-51127

CWE-22Path TraversalCWE-200Information Exposure5 documents5 sources
Severity
7.1HIGH
EPSS
1.5%
top 19.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Hornetq
Timeline
PublishedNov 4

Description

An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

NVDredhat/hornetq2.4.9

🔴Vulnerability Details

3
GHSA
hornetq vulnerable to file overwrite, sensitive information disclosure2024-11-04
OSV
hornetq vulnerable to file overwrite, sensitive information disclosure2024-11-04
CVEList
CVE-2024-51127: An issue in the createTempFile method of hornetq v22024-11-04

📋Vendor Advisories

1
Red Hat
hornetq-core-client: Arbitrarily overwrite files or access sensitive information2024-11-04
CVE-2024-51127 (HIGH CVSS 7.1) | An issue in the createTempFile meth | cvebase.io