GHSA-xm92-rf24-h74w

Suggest an improvement
Source
https://github.com/advisories/GHSA-xm92-rf24-h74w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xm92-rf24-h74w/GHSA-xm92-rf24-h74w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xm92-rf24-h74w
Aliases
  • CVE-2008-5518
Published
2022-05-14T02:40:10Z
Modified
2024-12-04T05:40:39.088704Z
Summary
Apache Geronimo Application Server multiple directory traversal vulnerabilities
Details

Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet.

Database specific 
{
    "nvd_published_at": "2009-04-17T14:30:00Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-26T22:14:31Z"
}
References

Affected packages

Maven / org.apache.geronimo.plugins:console

Package

Name
org.apache.geronimo.plugins:console
View open source insights on deps.dev
Purl
pkg:maven/org.apache.geronimo.plugins/console

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.4

Affected versions

2.*

2.1
2.1.1
2.1.2
2.1.3