Findings for Container Security, High, [TheRedHatter/javagoof:Dockerfile]:Deserialization of Untrusted Data
Created by: armorcodegithubpreprod[bot]
Findings for Container Security, High, [TheRedHatter/javagoof:Dockerfile]:Deserialization of Untrusted Data
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><232-25+deb9u10
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream systemd package.
See How to fix? for Debian:9 relevant versions.
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
References
- Debian Security Announcement
- Debian Security Tracker
- Exploit DB
- Gentoo Security Advisory
- GitHub PR
- MLIST
- N/A
- REDHAT
- REDHAT
- RHSA Security Advisory
- Security Focus
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
Origin : null Type : null Image Id : null
Snyk Project Status: Active