Lucene search

K

Veracode Vulnerability DatabaseVERACODE:6331

HistoryMay 21, 2018 - 6:57 a.m.

Directory Traversal

2018-05-2106:57:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4

EPSS

0.002

Percentile

53.1%

FileDownloader is vulnerable to directory traversal. Failing to check filename in util/FileDownloadUtils.java allows the attacker to trigger the attack by sending a file attachment’s name with ../.

References

github.com/lingochamp/FileDownloader/commit/b023cc081bbecdd2a9f3549a3ae5c12a9647ed7f

github.com/lingochamp/FileDownloader/issues/1028

EPSS

0.002

Percentile

53.1%

Related for VERACODE:6331

osv1 cve1 cvelist1 prion1 nvd1