Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:25437
HistoryMay 15, 2020 - 5:01 a.m.

Directory Traversal

2020-05-1505:01:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
2

0.001 Low

EPSS

Percentile

25.0%

rocketmq-broker is vulnerable to directory traversal. The automatic topic creation which is enabled by default, allows a folder name containing ../ characters to be created. This results in the writing of arbitrary directory in the parent directories, potentially overwriting existing folders.

CPENameOperatorVersion
rocketmq-brokerle4.6.0

0.001 Low

EPSS

Percentile

25.0%