CVE-2019-12309

2019-05-2320:29:00

Google

osv.dev

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.9%

JSON

dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive.

References

dotcms.com/security/SI-48

github.com/dotCMS/core/compare/605e5db...364c910