Security Advisory

CVE-2024-22236

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-31 06:54:51

Last updated 2025-06-03 18:43:58

Assigner vmware

State PUBLISHED

Description

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.

← Browse all CVEs View on cve.org ↗