124 – Race condition

Description

The system presents unexpected behavior when the inputs of a specific functionality do not arrive in the expected order.

Impact

- Overwrite, delete or read arbitrary files from the system. - Cause unexpected behavior in the application.

Recommendation

Ensure that the verification and use of inputs must be realized at the same time or in an atomic way.

Threat

Anonymous attacker in the system.

Expected Remediation Time

30 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: L
• Attack complexity: L
• Attack Requirements: P
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): L
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 337 - Make critical logic flows thread safe

Fixes

• Csharp
• Dart
• Elixir
• Go
• Java
• Php
• Python
• Ruby
• Scala
• Swift
• Typescript

Last updated

2024/02/13