Race Condition in HTML/Java API Affects Apache NetBeans
CVE-2020-17534

7 HIGH

Key Information:

Vendor: Apache
CVE Published: 11 January 2021

Summary

A race condition exists in the webkit subproject of the HTML/Java API within Apache NetBeans. The race lies between the deletion of a temporary file and the creation of a temporary directory, and it can potentially allow local privilege escalation. Updating to HTML/Java API version 1.7.1 mitigates the risk: that version creates the temporary directory atomically and keeps it separate from the temporary file handling.
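The general pattern described above, next to an atomic alternative, as an added Java illustration. This is not code from Apache NetBeans or the HTML/Java API; the class name `TempDirRace` and both method names are hypothetical, and the sketch only assumes the delete-then-create sequence the summary describes.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;

// Hypothetical demo class; not taken from the HTML/Java API sources.
public class TempDirRace {

    // Racy: a temp *file* reserves the name, is deleted, and the same
    // path is then re-created as a directory in a second, separate step.
    static File racyTempDir(String prefix) throws IOException {
        File f = File.createTempFile(prefix, ".dir");
        if (!f.delete()) {
            throw new IOException("could not delete " + f);
        }
        // Window: the name is free again in the shared temp directory, so
        // another local user can create it first. mkdirs() then returns
        // false, and ignoring that result leaves the caller working in a
        // directory it does not own.
        f.mkdirs();
        return f;
    }

    // Atomic: the JDK picks the name and creates the directory in one
    // call that never reuses an existing path; no file is created first.
    static Path atomicTempDir(String prefix) throws IOException {
        boolean posix = FileSystems.getDefault()
                .supportedFileAttributeViews().contains("posix");
        if (posix) {
            // Ask for owner-only access explicitly on POSIX file systems.
            return Files.createTempDirectory(prefix,
                    PosixFilePermissions.asFileAttribute(
                            PosixFilePermissions.fromString("rwx------")));
        }
        return Files.createTempDirectory(prefix);
    }

    public static void main(String[] args) throws IOException {
        File racy = racyTempDir("demo");
        Path safe = atomicTempDir("demo");
        System.out.println("racy:   " + racy + " isDirectory=" + racy.isDirectory());
        System.out.println("atomic: " + safe + " isDirectory=" + Files.isDirectory(safe));
        Files.delete(racy.toPath());
        Files.delete(safe);
    }
}
```

When auditing other code for the same flaw, search for `File.createTempFile` followed by `delete()` and `mkdir()`/`mkdirs()` on the same path.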

Affected Version(s)

Apache NetBeans HTML/Java API v1.7

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
