PartialBufferOutputStream2 flush issues

GHSA-8hmh-mhqv-7638

Published May 17, 2022 · Modified Jul 10, 2024

Description

Withdrawn

This advisory has been withdrawn as there the effects of the bug would only give the caller an incomplete view of data which they would be authorized to see.

Original Advisory

PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2008-7227
WEB https://github.com/github/advisory-database/pull/4585
WEB https://osgeo-org.atlassian.net/browse/GEOS-1747
WEB http://osvdb.org/43266

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes