Lucene search
ApacheCVELIST:CVE-2022-32287HistoryNov 03, 2022 - 12:00 a.m.
CVE-2022-32287 Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives
2022-11-0300:00:00
CWE-22
apache
www.cve.org
4
cve-2022-32287
apache uima
path traversal
pear management
zip entry names
EPSS
0.001
Percentile
46.3%
A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine.
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache UIMA",
"versions": [
{
"version": "Java SDK",
"status": "affected",
"lessThanOrEqual": "3.3.0",
"versionType": "custom"
}
]
}
]Related
ibm
ibm
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Apache UIMA directory transversal vulnerability( CVE-2022-32287)
2023-07-06 17:52:21
osv
osv
Apache UIMA Path Traversal vulnerability
2022-11-03 19:00:26
CVE-2022-32287
2022-11-03 12:15:09
github
github
Apache UIMA Path Traversal vulnerability
2022-11-03 19:00:26
nvd
nvd
CVE-2022-32287
2022-11-03 12:15:09
cve
cve
CVE-2022-32287
2022-11-03 12:15:09
cnvd
cnvd
Apache UIMA path traversal vulnerability
2022-11-05 00:00:00
redhatcve
redhatcve
CVE-2022-32287
2022-11-03 21:27:09
ubuntucve
ubuntucve
CVE-2022-32287
2022-11-03 00:00:00
veracode
veracode
Path Traversal
2022-11-04 06:26:21
prion
prion
Path traversal
2022-11-03 12:15:00