Open mend-bolt-for-github[bot] opened 1 year ago
Kotlin Standard Library for JVM
Library home page: https://kotlinlang.org/
Path to vulnerable library: /open-offsets-directory/react/node_modules/jetifier/lib/kotlin-stdlib-1.3.60.jar
Dependency Hierarchy: - :x: **kotlin-stdlib-1.3.60.jar** (Vulnerable Library)
Found in HEAD commit: d388e16464e00b9ce84df0d247029f534a429b90
Found in base branch: main
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
Publish Date: 2021-02-03
URL: CVE-2020-29582
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-cqj8-47ch-rvvq
Release Date: 2021-02-03
Fix Resolution: 1.4.21
Step up your Open Source Security Game with Mend here
CVE-2020-29582 - Medium Severity Vulnerability
Vulnerable Library - kotlin-stdlib-1.3.60.jar
Kotlin Standard Library for JVM
Library home page: https://kotlinlang.org/
Path to vulnerable library: /open-offsets-directory/react/node_modules/jetifier/lib/kotlin-stdlib-1.3.60.jar
Dependency Hierarchy: - :x: **kotlin-stdlib-1.3.60.jar** (Vulnerable Library)
Found in HEAD commit: d388e16464e00b9ce84df0d247029f534a429b90
Found in base branch: main
Vulnerability Details
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
Publish Date: 2021-02-03
URL: CVE-2020-29582
CVSS 3 Score Details (5.3)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-cqj8-47ch-rvvq
Release Date: 2021-02-03
Fix Resolution: 1.4.21
Step up your Open Source Security Game with Mend here