CVE-2024-50379

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-367
View all →

Vulnerability Description

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

Related Vulnerabilities

CVE-2019-5421

CRITICAL
CVSS:9.8(Critical)

Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts...

CWE-3672019

CVE-2019-7249

CRITICAL
CVSS:9.8(Critical)

In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with...

CWE-3672019

CVE-2023-33154

CRITICAL
CVSS:9.8(Critical)

Windows Partition Management Driver Elevation of Privilege Vulnerability

CWE-3672023

CVE-2024-27114

HIGH
CVSS:9.8(Critical)

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be avail...

CWE-3672024

CVE-2024-28718

CRITICAL
CVSS:9.8(Critical)

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.

CWE-3672024

CVE-2024-41779

CRITICAL
CVSS:9.8(Critical)

IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted reques...

CWE-3672024