GHSA-59h8-h34r-q9cv

Suggest an improvement
Source
https://github.com/advisories/GHSA-59h8-h34r-q9cv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-59h8-h34r-q9cv/GHSA-59h8-h34r-q9cv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-59h8-h34r-q9cv
Aliases
Published
2022-05-24T16:59:50Z
Modified
2024-02-19T05:32:15.683252Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Ignite Realtime Openfire directory traversal vulnerability
Details

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. Version 4.5.0-beta contains a fix for the issue.

Database specific 
{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-22"
    ],
    "nvd_published_at": "2019-10-24T11:15:00Z",
    "github_reviewed_at": "2022-11-22T19:22:34Z",
    "severity": "MODERATE"
}
References

Affected packages

Maven / org.igniterealtime.openfire:parent

Package

Name
org.igniterealtime.openfire:parent
View open source insights on deps.dev
Purl
pkg:maven/org.igniterealtime.openfire/parent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.0-beta

Affected versions

4.*

4.2.0