CVE-2018-1316

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1316
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1316.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1316
Aliases
Published
2018-03-05T14:29:00.313Z
Modified
2026-02-11T10:34:44.384189Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion. This issue was addressed in Apache ODE 1.3.3 which was released in 2009, however the incorrect name CVE-2008-2370 was used on the advisory by mistake.

References

Affected packages

Git / github.com/apache/ode

Affected ranges

Type
GIT
Repo
https://github.com/apache/ode
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
00e7702f49866171c6d8ce468a1d0192c5eabaa8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1316.json"