The Dataset API in DKPro Core is vulnerable to directory traversal. Lack of validation of file names in core/api/datasets/internal/actions/Explode.java
allows an attacker to overwrite arbitrary local files via a malicious archive.
CPE | Name | Operator | Version |
---|---|---|---|
dkpro core asl - datasets | le | 1.10.0 | |
dkpro core asl - datasets | le | 1.10.0 |