Findings for Container Security, High, [TheRedHatter/javagoof:Dockerfile]:Deserialization of Untrusted Data

[armorcodegithubpreprod]

Findings for Container Security, High, [TheRedHatter/javagoof:Dockerfile]:Deserialization of Untrusted Data

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): ><232-25+deb9u10
• Vulnerable Path: >null

NVD Description

Note:
Versions mentioned in the description apply to the upstream systemd package.
See How to fix? for Debian:9 relevant versions.

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

References

• Debian Security Announcement
• Debian Security Tracker
• Exploit DB
• Gentoo Security Advisory
• GitHub PR
• MLIST
• N/A
• REDHAT
• REDHAT
• RHSA Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active

---

---

[armorcodegithubpreprod]

Finding [47833068|https://preprod.armorcode.ai/#/findings/257/1167/47833068] is Mitigated
by SYSTEM via ArmorCode Platform

[armorcodegithubpreprod]

Finding [47833068|https://preprod.armorcode.ai/#/findings/257/1167/47833068] status changed to Confirmed
Note:
by SYSTEM via ArmorCode Platform