osv | Google | OSV:CVE-2019-17572
History: May 14, 2020 - 5:15 p.m.

CVE-2019-17572

2020-05-14 17:15:11
Google
osv.dev

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 25.0%)

In Apache RocketMQ 4.2.0 to 4.6.0, when automatic topic creation in the broker is turned on (the default), a malicious topic name such as “…/…/…/…/topic2020” sent from rocketmq-client to the broker causes a topic folder to be created in a parent directory on the broker, which is a directory traversal vulnerability. Users of the affected versions should upgrade to Apache RocketMQ 4.6.1 or later.
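
The flaw class described above, shown as an added example that is not RocketMQ's code or its actual fix: a client-supplied topic name joined onto a store directory, next to a hardened version that allow-lists the name and confirms the result stays under the store root. The class name, the allow-list pattern, the store path and the sample names are all assumptions made for this illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

public class TopicPathCheck {
    // Assumed allow-list for this example only: no separators, no dots, bounded length.
    private static final Pattern VALID_TOPIC = Pattern.compile("^[A-Za-z0-9_-]{1,127}$");

    /** Unsafe: joins the client-supplied name straight onto the store root. */
    static Path naiveTopicDir(Path storeRoot, String topic) {
        return storeRoot.resolve(topic).normalize();
    }

    /** Hardened: allow-list the name, then verify containment under the store root. */
    static Path safeTopicDir(Path storeRoot, String topic) {
        if (topic == null || !VALID_TOPIC.matcher(topic).matches()) {
            throw new IllegalArgumentException("rejected topic name");
        }
        Path root = storeRoot.toAbsolutePath().normalize();
        Path dir = root.resolve(topic).normalize();
        // Defence in depth: even if the pattern is loosened later, the
        // directory must be a strict descendant of the store root.
        if (!dir.startsWith(root) || dir.equals(root)) {
            throw new IllegalArgumentException("topic escapes store root");
        }
        return dir;
    }

    public static void main(String[] args) {
        // Constructed store path and constructed sample names.
        Path root = Paths.get("/tmp/example-store/consumequeue");
        String[] samples = { "topic2020", "../../../../topic2020", "a/b", "..", "" };
        for (String t : samples) {
            System.out.println("naive [" + t + "] -> " + naiveTopicDir(root, t));
            try {
                System.out.println("safe  [" + t + "] -> " + safeTopicDir(root, t));
            } catch (IllegalArgumentException e) {
                System.out.println("safe  [" + t + "] -> " + e.getMessage());
            }
        }
    }
}
```

Validating the name at the point where the broker accepts it, before any path is built, also keeps rejected names out of logs and metadata that are later used to derive file paths.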
