History: May 14, 2020 - 4:10 p.m.

CVE-2019-17572

2020-05-14 16:10:48
apache
www.cve.org

AI Score: 5.6 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 24.8%)

In Apache RocketMQ 4.2.0 to 4.6.0, when automatic topic creation in the broker is turned on (the default) and an evil topic like “…/…/…/…/topic2020” is sent from rocketmq-client to the broker, a topic folder is created in the parent directory on the broker, which leads to a directory traversal vulnerability. Users of the affected versions should upgrade to Apache RocketMQ 4.6.1 or later.

CNA Affected

[
  {
    "product": "Apache RocketMQ",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Apache RocketMQ 4.2.0 to 4.6.0"
      }
    ]
  }
]
