4 matches found
CVE-2019-17572
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversa...
Apache RocketMQ 4.2.0 < 4.6.1 Directory Traversal (CVE-2023-37582)
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like ../../../../topic2020 is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal...
CVE-2019-17572
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversa...
CVE-2019-17572
CVE-2019-17572 affects Apache RocketMQ from versions 4.2.0 through 4.6.0. When broker automatic topic creation is enabled by default, an attacker-provided topic such as “../../../../topic2020” can cause a directory to be created in the broker’s parent directory, resulting in a directory traversal...