Search for packages
| purl | pkg:maven/org.springframework.boot/spring-boot@1.5.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-hek3-n96t-bydw
Aliases: CVE-2018-1196 GHSA-xx65-cc7g-9pfp |
Symlink privilege escalation attack via Spring Boot launch script Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot is susceptible to a symlink attack which allows the `run_user` to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the `run_user` requires shell access to the server. |
Affected by 0 other vulnerabilities. Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:57:02.172903+00:00 | GHSA Importer | Affected by | VCID-hek3-n96t-bydw | https://github.com/advisories/GHSA-xx65-cc7g-9pfp | 38.0.0 |