CVE-2021-39180
- Source
- https://cve.org/CVERecord?id=CVE-2021-39180
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39180.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-39180
- Related
- Published
- 2021-08-31T18:15:08.550Z
- Modified
- 2026-04-11T21:23:17.737979Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the tomcat user). Depending on the configuration this can be limited to files of the OpenOlat user data directory, however, if not properly set up, the attack could also be used to overwrite application server config files, java code or even operating system files. The attack could be used to corrupt or modify any OpenOlat file such as course structures, config files or temporary test data. Those attack would require in-depth knowledge of the installation and thus more theoretical. If the app server configuration allows the execution of jsp files and the path to the context is known, it is also possible to execute java code. If the app server runs with the same user that is used to deploy the OpenOlat code or has write permissions on the OpenOlat code files and the path to the context is know, code injection is possible. The attack requires an OpenOlat user account to upload a ZIP file and trigger the unzip method. It can not be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3 and 16.0.0. There are no known workarounds aside from upgrading.
- References
-
- https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-x95v-2pgj-9x8j
- https://jira.openolat.org/browse/OO-5549
- https://github.com/OpenOLAT/OpenOLAT/commit/2cf73c972e23ccd69cc1e103e43c2c8253571d3e
- https://github.com/OpenOLAT/OpenOLAT/commit/5668a41ab3f1753102a89757be013487544279d5
- https://github.com/OpenOLAT/OpenOLAT/commit/699490be8e931af0ef1f135c55384db1f4232637
Affected packages
Git / github.com/openolat/openolat
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openolat/openolat
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedFixedFixedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "15.3.18" }, { "introduced": "15.4.0" }, { "fixed": "15.5.3" } ] }
Affected versions
OLAT-7.*
OLAT-7.1.0
OpenOLAT_10.*
OpenOLAT_10.0.0
OpenOLAT_10.0.1
OpenOLAT_10.0.2
OpenOLAT_10.0.3
OpenOLAT_10.0.4
OpenOLAT_10.0.5
OpenOLAT_11.*
OpenOLAT_11.3.0
OpenOLAT_12.*
OpenOLAT_12.2.0
OpenOLAT_12.3.0
OpenOLAT_13.*
OpenOLAT_13.0.0
OpenOLAT_13.0.0beta1
OpenOLAT_13.0.0beta3
OpenOLAT_13.0.0beta4
OpenOLAT_13.0.0beta5
OpenOLAT_13.0.0beta6
OpenOLAT_13.0.0beta7
OpenOLAT_13.0.0beta8
OpenOLAT_13.0.0beta9
OpenOLAT_13.2.0
OpenOLAT_14.*
OpenOLAT_14.0.0
OpenOLAT_15.*
OpenOLAT_15.0.0
OpenOLAT_15.1.0
OpenOLAT_15.2.0
OpenOLAT_15.3.0
OpenOLAT_15.3.1
OpenOLAT_15.3.10
OpenOLAT_15.3.11
OpenOLAT_15.3.12
OpenOLAT_15.3.13
OpenOLAT_15.3.14
OpenOLAT_15.3.15
OpenOLAT_15.3.16
OpenOLAT_15.3.17
OpenOLAT_15.3.2
OpenOLAT_15.3.3
OpenOLAT_15.3.4
OpenOLAT_15.3.5
OpenOLAT_15.3.6
OpenOLAT_15.3.7
OpenOLAT_15.3.8
OpenOLAT_15.3.9
OpenOLAT_15.4.0
OpenOLAT_15.5.0
OpenOLAT_15.5.1
OpenOLAT_15.5.2
OpenOLAT_15.5.3
OpenOLAT_15.pre.0.a
OpenOLAT_15.pre.1
OpenOLAT_15.pre.2
OpenOLAT_15.pre.3
OpenOLAT_15.pre.4
OpenOLAT_15.pre.6
OpenOLAT_15.pre.7
OpenOLAT_15.pre.9
OpenOLAT_8.*
OpenOLAT_8.1
OpenOLAT_8.1.1
OpenOLAT_8.1.2
OpenOLAT_9.*
OpenOLAT_9.0.0
OpenOLAT_9.1.0
OpenOLAT_9.2.0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39180.json"
vanir_signatures_modified
"2026-04-11T21:23:17Z"
vanir_signatures
[
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/core/util/PathUtils.java",
"function": "closeSubsequentFS"
},
"signature_type": "Function",
"digest": {
"function_hash": "74177384332602714720411371937977533041",
"length": 159.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-034e55ac"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/core/util/ZipUtil.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"193488371715696027154894025858071887696",
"122313628555400704333922010695251166949",
"195806990793561809551573117577709150227",
"188242338881147896686316781731557435395",
"147793315047955144960881457755553278499",
"293016615979369868792580568870712818009",
"90290907230708935100547644850827452049",
"303116560473962291772534837580922151041",
"7870490789583686419332506827582994501",
"12996984863084407175349638978870161882",
"261876008036690100070603952277071540079",
"225080493181370168090176617053190781070",
"145600995384314645721656409078153447406",
"291198367178100533442823549484744828205",
"10330157197710803012475464981246003393",
"67445899573398745792222500948677624579",
"95710541108746068066263877096785460526",
"299632369228087178920546384858016745838",
"36235181827349661877040440646914406673",
"234408818162232882808382073124588999967",
"215137592960892817502576845055617440919",
"10090580228518053685131143804820949400",
"2122955346539496480689610743076828763",
"221827986849382286441157835786971085801",
"228285938094655630261767027217043632137",
"134421940278134278113163730398040081081",
"148359182807692520062717868143526510506",
"69616655243074524165757852322936687671",
"221235685624164734888871411448836350144",
"257339255631224641323753838849953091292",
"48108385304063358243054551667326139212"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-110e07a4"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/ims/qti21/pool/QTI21ImportProcessor.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"125384695294875261672008021252924256896",
"63278198728451687058795357664416469060",
"163839922224962513430550382342611160952",
"58211457608061299852566216377560881547",
"142865517124793990882029160549045447530",
"210580338254345919926644513038927693132",
"181342382765653496514250593644205571172",
"328057511722466393217371730497237062139"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-112f07d6"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/ims/qti21/repository/handlers/CopyAndConvertVisitor.java",
"function": "visitFile"
},
"signature_type": "Function",
"digest": {
"function_hash": "72519758507193438097788958427770527869",
"length": 537.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-1e0aea0b"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/ims/cp/ui/VFSRootCPContainer.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"279012173484021159944935749658485121826",
"319954026424847897484882620352405935797",
"64080048233660589091745853108158046260"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-1e8c1a6c"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/core/util/ZipUtil.java",
"function": "unzip"
},
"signature_type": "Function",
"digest": {
"function_hash": "10411209980996211166741539836250457755",
"length": 1711.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-21e7a9d7"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/fileresource/types/ScormCPFileResource.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"194086907254416557194771056530826539387",
"201215351040240284806507825323476382492",
"188670872908834636643371968594020210651",
"122313628555400704333922010695251166949",
"195806990793561809551573117577709150227",
"67769592122734791594171835579496605833",
"75857844615632290999231200609609684182",
"140390911528831443513918009280667587602",
"272956406639380185311808147993593929250",
"208571624632947917977843648529912252097",
"248116764994908847799383926046986978289",
"18962166913525599740285554237524994303"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-242a4b5e"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/ims/cp/ui/VFSCPNamedContainerItem.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"205632150157771598042263914124282390102",
"21524966728855086422560634373220073681",
"51443131804027209376554198163203447487"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-2d7e1f19"
},
{
"deprecated": false,
"target": {
"file": "src/test/java/org/olat/test/AllTestsJunit4.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"308951381138656649880824117566459883753",
"132902440765223890909332972011725298090",
"278629518165533575373708283424013482860",
"154396505975862067167231494518995923814"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-3c54f7f0"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/fileresource/types/ImsQTI21Resource.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"337452950742753926883086511191788901300",
"24127768016708160349469303284744890134",
"91453891099232449347046698263438744684",
"255306393764403499712001032938529226037",
"122313628555400704333922010695251166949",
"195806990793561809551573117577709150227",
"322856441868774713831698154954362211077",
"105579489282591081852627518291298087948",
"148987041811720554750322677062268981850",
"272956406639380185311808147993593929250",
"208571624632947917977843648529912252097",
"248116764994908847799383926046986978289",
"18962166913525599740285554237524994303"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-4364df08"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/modules/wiki/WikiManager.java",
"function": "visitFile"
},
"signature_type": "Function",
"digest": {
"function_hash": "10917102451747752032380527201286131228",
"length": 876.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-44afbc24"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/fileresource/types/ImsQTI21Resource.java",
"function": "evaluate"
},
"signature_type": "Function",
"digest": {
"function_hash": "130327879231617030296325608898650690180",
"length": 816.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-4b0fce95"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/ims/qti21/repository/handlers/CopyAndConvertVisitor.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"247994145061533117003313307595225919948",
"247661427692098166266941844317733451211",
"10720177763724946437270511263616936611",
"27221952331067217830225233861077550412",
"327580758708949957696630678465132359520",
"50800684895425224703569584660169198053",
"197747694553800014930902839674632442287",
"117961948938089633960335298786447262355",
"136090245894161945827092760887383119379",
"78665228620524906344888199138376933625",
"106907056160283612449125417775205022844",
"306399418530017553335396184113887633770",
"125896287170865831402590285741587278976",
"205429813054512270310668726778125602592",
"149172411262274865838245417903190703027"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-5609ac4c"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/core/util/vfs/LocalFolderImpl.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"305111245733879022743068109699141385234",
"287321491297605453166800107611748252899",
"155790343174751925169165659328438341749"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-588ee7a2"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/core/util/vfs/MergeSource.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"277454440308680740074887181869875286182",
"212946279956696922324119957691641128516",
"326719019183966807605938602485048578024"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-6596ceb9"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/core/util/vfs/VirtualContainer.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"274140543191920809926793232599400268859",
"176746232072848387263213068932469465443",
"236815802964304838239498667278324225672"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-69c5bd81"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/core/util/vfs/NamedContainerImpl.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"229945440555651996698568408873609034166",
"199728108733350264022656475528507135373",
"73648676833705242984604505737093282367"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-6be858c5"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/ims/cp/ui/VFSMediaFilesContainer.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"279012173484021159944935749658485121826",
"87060513958355687026759223777964827950",
"179575797292602422229214697219309333"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-74f66fcd"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/fileresource/types/ImsCPFileResource.java",
"function": "evaluate"
},
"signature_type": "Function",
"digest": {
"function_hash": "265467063158537689893313512896118874439",
"length": 938.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-7b4c3b22"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/ims/cp/ui/VFSCPContainer.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"160932052939586024011507628738969548965",
"274140543191920809926793232599400268859",
"254841438318219637295774245386862631382",
"234249594760885292603085162545729131788"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-90f6490a"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/ims/qti21/repository/handlers/CopyAndConvertVisitor.java",
"function": "preVisitDirectory"
},
"signature_type": "Function",
"digest": {
"function_hash": "78428407838731879292176796548329627932",
"length": 294.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-a717830b"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/modules/wiki/WikiManager.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"84131042786690380114569031182055262877",
"93387466638959199840274257425896413403",
"153545672692042885129149287177450489148",
"328019323956845982624872341268613458131",
"281489005211441458629100488944536865103",
"224470013527666152824820305267489925349",
"33461383690351346023066518599583770633",
"153653439819996600173130295864223417920",
"225698496470552038185197735942773588839",
"295649207567266967641452518987885803286",
"157811134063063962761563717123615162015",
"155521037284892941144414198291641367883"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-bbd9d8eb"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/fileresource/types/FileResource.java",
"function": "searchRootDirectory"
},
"signature_type": "Function",
"digest": {
"function_hash": "188033609468029938613611577607788912111",
"length": 129.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-bd5039d6"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/fileresource/types/ScormCPFileResource.java",
"function": "evaluate"
},
"signature_type": "Function",
"digest": {
"function_hash": "146984653536480656285808037530882118068",
"length": 789.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-c6f97dd6"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/core/util/vfs/VFSContainer.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"15331127715904647586684576308895742592",
"231688267241650897087473326967472509972",
"320399459765109209378648056443630156691"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-ce2cb251"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/fileresource/types/ImsCPFileResource.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"194086907254416557194771056530826539387",
"201215351040240284806507825323476382492",
"188670872908834636643371968594020210651",
"122313628555400704333922010695251166949",
"195806990793561809551573117577709150227",
"67769592122734791594171835579496605833",
"11424027222596234365321179868772064375",
"60074745634346569706351659242366753787",
"272956406639380185311808147993593929250",
"208571624632947917977843648529912252097",
"248116764994908847799383926046986978289",
"18962166913525599740285554237524994303"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-ce5a99bb"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/core/util/PathUtils.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"183328907142419049226861232778407941563",
"39499508541914887253938447285712740629",
"126207161752623567359267647925417585603",
"67864264616901622018063073267582433092",
"80252721784470418271407298799414404725",
"290046520710438178474571662541968839086",
"118338823348980416436041384120645228824",
"221735543725505309782788243993759181330",
"132032391720571626016838690033519163303",
"108762670378427923694059289220729457696",
"322029244830864480715126696749668385337",
"250472175759851112027037424579267568503",
"95346386220794161858043228619862194135",
"152726986875963113505768674852829215172",
"58871858652875155347493360475395277839",
"35717110144256851263593681332011395414",
"128911233056551269113578190724248346327",
"217712815537588931822994935944634270688",
"290737528227550603217481900752163386745",
"335293021993408309240018443230846125065",
"86600079247604917704814477888892623483",
"336832120202039859701758064633960084971",
"160324137065555522858817488857582099437",
"213187289583953956152481221329506383354",
"234849285517580713898896759270577359348",
"310936526724776118474921476638787275683",
"299825695866551462009130693161518526411"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-ce7285bc"
},
{
"deprecated": false,
"target": {
"file": "src/test/java/org/olat/test/AllTestsJunit4.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"19214286460361569947697049488706958341",
"308173915604252157750435940884065787820",
"327520499930115090870445281848103592459",
"178271409221145317831513317155051084333",
"96353952129283202366135894384775015472",
"262178447980924857456156053655282009940",
"168140572898103439234056366544358435024",
"236359560889725980497653043775281585674"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-cf4e95de"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/core/util/PathUtils.java",
"function": "visitFile"
},
"signature_type": "Function",
"digest": {
"function_hash": "204750497181020528287573642390002163589",
"length": 334.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-cfcea61d"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/fileresource/types/FileResource.java",
"function": "copyResource"
},
"signature_type": "Function",
"digest": {
"function_hash": "127754465048684897158283584328632636993",
"length": 378.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-d2988c7e"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/fileresource/types/FileResource.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"93119496783777962676593286839209502532",
"153009574588381127887724337925932562728",
"289272321035839069588204885308391671929",
"296960449405326413523206779301424584501",
"116674956531771128964530174219290752384",
"237161584359787280356629629965896205704",
"4266610840993881945764364221909670994",
"220079808896455169550209146437910541637",
"213365425441313331571438828994241410516",
"73009935472515674651456491005346056648",
"32265696141723662681339812541603240944",
"335418344750559856628333546193017219349",
"144783886565261091166447606720682947809",
"321502714269379950703706519387829411730",
"143882898199229448251899050602501817713",
"170136370935357421184891588012197595327",
"208485088705777458913584810249294608119",
"38884363313636142499834249770864472966",
"270066967022656329202244725822955098475",
"27550315162636526329932318698094775627",
"147982085440402050223963436910927216271",
"30392462949206855242882683956646581480"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-dc135004"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/ims/qti21/pool/QTI21ImportProcessor.java",
"function": "processResource"
},
"signature_type": "Function",
"digest": {
"function_hash": "219519907542405164015283356460068165945",
"length": 1841.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-e3fb4ed9"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/core/util/PathUtils.java",
"function": "visit"
},
"signature_type": "Function",
"digest": {
"function_hash": "137948721936003041313305768711068070534",
"length": 685.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-f2db2bc1"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/modules/wiki/WikiManager.java",
"function": "importWiki"
},
"signature_type": "Function",
"digest": {
"function_hash": "268936319345865385851835332929397099863",
"length": 365.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-f6bcaeaa"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/modules/wiki/WikiManager.java",
"function": "visitFile"
},
"signature_type": "Function",
"digest": {
"function_hash": "288988031471967356188349711399360042458",
"length": 987.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-f8e31b57"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/core/util/ZipUtil.java",
"function": "xxunzip"
},
"signature_type": "Function",
"digest": {
"function_hash": "297928654027159214838245849262425482973",
"length": 464.0
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/5668a41ab3f1753102a89757be013487544279d5",
"id": "CVE-2021-39180-fa71eecf"
},
{
"deprecated": false,
"target": {
"file": "src/main/java/org/olat/modules/wiki/WikiManager.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"272246920568848215049546347662683367401",
"253873657747736562685882185689039411952",
"245465376867543573609082139243225776654",
"37681398150214542301903362957207106591",
"156377355614681038639938660496119961902",
"315744121113419138768866446189847287361",
"280287147065735436574328318763477260169",
"320635527911740271015603613930526091613",
"209633812166668481335247138637761470387",
"20535428686542160130566785734619120588",
"334324786012000079465303212559255916385",
"263007444789096802902955681484344748835",
"45116320354694285214171495498396400610",
"257886329547241337780434942110739510274",
"328956758617422456268835377863494316659",
"221391704808875488851730802636446215115",
"331777831945013014157938853200868813604",
"192552337969461553632818659265812723012",
"102696922173108538184483418771534992551",
"281489005211441458629100488944536865103",
"224470013527666152824820305267489925349",
"33461383690351346023066518599583770633",
"153653439819996600173130295864223417920",
"225698496470552038185197735942773588839",
"295649207567266967641452518987885803286",
"157811134063063962761563717123615162015",
"155521037284892941144414198291641367883",
"96476269638911283411263238710225909694",
"263675149900100772030862422601404145751",
"96027855539528081720496414061667930686",
"113574093775117966504024884797098212234",
"68829102896631547265781072300326501955",
"339246703881048926710448958650421317746",
"185937038620883434398512599535261825259"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/openolat/openolat/commit/699490be8e931af0ef1f135c55384db1f4232637",
"id": "CVE-2021-39180-fe1e66b8"
}
]