rocketmq-broker is vulnerable to directory traversal. The automatic topic creation which is enabled by default, allows a folder name containing ../
characters to be created. This results in the writing of arbitrary directory in the parent directories, potentially overwriting existing folders.
CPE | Name | Operator | Version |
---|---|---|---|
rocketmq-broker | le | 4.6.0 |