GHSA-6h58-c7r7-g2hw

Suggest an improvement
Source
https://github.com/advisories/GHSA-6h58-c7r7-g2hw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6h58-c7r7-g2hw/GHSA-6h58-c7r7-g2hw.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6h58-c7r7-g2hw
Aliases
  • CVE-2014-8114
Published
2022-05-14T01:10:41Z
Modified
2023-11-08T03:57:45.350907Z
Summary
UberFire Framework Improperly Restricts Paths
Details

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.

Database specific 
{
    "nvd_published_at": "2015-02-20T16:59:00Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-16T22:23:43Z"
}
References

Affected packages

Maven / org.uberfire:uberfire-parent

Package

Name
org.uberfire:uberfire-parent
View open source insights on deps.dev
Purl
pkg:maven/org.uberfire/uberfire-parent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.3.0.Beta5
Last affected
0.3.1.Final