Lucene search

K
osvGoogleOSV:GHSA-3V63-F83X-37X4
HistoryMay 14, 2022 - 1:14 a.m.

Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ

2022-05-1401:14:51
Google
osv.dev
19

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.033 Low

EPSS

Percentile

91.2%

Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.033 Low

EPSS

Percentile

91.2%