Lucene search
Veracode Vulnerability DatabaseVERACODE:35346HistoryMay 04, 2022 - 4:57 a.m.
Arbitrary File Access
2022-05-0404:57:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.002 Low
EPSS
Percentile
59.2%
org.xwiki.commons:xwiki-commons-velocity is vulnerable to arbitrary file access. A privileged attacker who has access to an file returning API, is able to perform read or write operations on the filesystem because it is not properly sandboxed against using the Java File API.
References
github.com/advisories/GHSA-cvx5-m8vg-vxgc
github.com/xwiki/xwiki-commons/commit/215951cfb0f808d0bf5b1097c9e7d1e503449ab8
github.com/xwiki/xwiki-commons/commit/327fa15ba24c2152940f09e459d0fe934756dde4
github.com/xwiki/xwiki-commons/commit/d6dc35da44c32f582d76fa0bbf096c8d0e1313d4
github.com/xwiki/xwiki-commons/pull/127
github.com/xwiki/xwiki-commons/security/advisories/GHSA-cvx5-m8vg-vxgc
jira.xwiki.org/browse/XWIKI-5168
Related
osv
osv
CVE-2022-24897
2022-05-02 22:15:09
Arbitrary filesystem write access from velocity.
2022-04-28 21:16:40
cvelist
cvelist
CVE-2022-24897 Arbitrary filesystem write access from Velocity
2022-05-02 21:49:17
github
github
Arbitrary filesystem write access from velocity.
2022-04-28 21:16:40
cve
cve
CVE-2022-24897
2022-05-02 22:15:09
nvd
nvd
CVE-2022-24897
2022-05-02 22:15:09
prion
prion
Code injection
2022-05-02 22:15:00