PRIOn knowledge base: PRION:CVE-2019-17572
History: May 14, 2020 - 5:15 p.m.

Directory traversal

2020-05-14 17:15:00
PRIOn knowledge base
www.prio-n.com

AI Score: 5.2 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 25.0%)

In Apache RocketMQ 4.2.0 to 4.6.0, automatic topic creation in the broker is turned on by default. When a malicious topic name such as "../../../../topic2020" is sent from rocketmq-client to the broker, the broker creates the topic folder in a parent directory, which leads to a directory traversal vulnerability. Users of the affected versions should upgrade to Apache RocketMQ 4.6.1 or later.

CPE
Name      Operator  Version
rocketmq  ge        4.2.0
rocketmq  le        4.6.0
