Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02aDU4LWM3cjctZzJod84AAToY
UberFire Framework Improperly Restricts Paths
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
Permalink: https://github.com/advisories/GHSA-6h58-c7r7-g2hwJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02aDU4LWM3cjctZzJod84AAToY
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 9 months ago
Identifiers: GHSA-6h58-c7r7-g2hw, CVE-2014-8114
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-8114
- https://github.com/uberfire/uberfire/commit/21ec50eb15
- http://rhn.redhat.com/errata/RHSA-2015-0234.html
- http://rhn.redhat.com/errata/RHSA-2015-0235.html
- https://web.archive.org/web/20200227080813/http://www.securityfocus.com/bid/88199
- https://github.com/advisories/GHSA-6h58-c7r7-g2hw
Blast Radius: 1.0
Affected Packages
maven:org.uberfire:uberfire-parent
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: >= 0.3.0.Beta5, <= 0.3.1.Final
No known fixed version
All affected versions: