CVE-2022-44635

Source
https://cve.org/CVERecord?id=CVE-2022-44635
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-44635.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-44635
Published
2022-11-29T15:15:10.897Z
Modified
2025-11-14T13:52:19.831358Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Apache Fineract allowed an authenticated user to perform remote code execution through a path traversal vulnerability in its file upload component. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend that users upgrade to 1.8.1.

References

Affected packages

Git / github.com/apache/fineract

Affected ranges

Type
GIT
Repo
https://github.com/apache/fineract
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
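Fixed
[no fixed commit is shown in this record; the Details text names 1.8.1 as the fixed release, so matching on this range alone would treat every commit as affected]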

Affected versions

1.*
1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.7.0
1.8.0

Database specific

vanir_signatures
[
    {
        "digest": {
            "line_hashes": [
                "236509758749748342454817270594780397597",
                "268218976097468295366479396221596327693",
                "51500460393827293229909378399150538056",
                "221715015619316312491849204525725912023",
                "28453236996130509214530901712868890277",
                "128062032775926429836141200544693008808",
                "49417809668175005423162743296062370115",
                "48460477554060031071705227188834251325",
                "167941230634331765185494302301650989237",
                "142619218965884876281607326391434643336",
                "75893241929449185810075917976272121130"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/90f854b68886458a466b048807c26ccf31a6f555",
        "id": "CVE-2022-44635-00901b44",
        "target": {
            "file": "integration-tests/src/test/java/org/apache/fineract/integrationtests/client/ImageTest.java"
        }
    },
    {
        "digest": {
            "function_hash": "191835977652114232112221867064825047645",
            "length": 204.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/90f854b68886458a466b048807c26ccf31a6f555",
        "id": "CVE-2022-44635-34a6a47b",
        "target": {
            "function": "fetchImage",
            "file": "fineract-provider/src/main/java/org/apache/fineract/infrastructure/documentmanagement/contentrepository/FileSystemContentRepository.java"
        }
    },
    {
        "digest": {
            "function_hash": "337878926813245140344845358148466515875",
            "length": 209.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/90f854b68886458a466b048807c26ccf31a6f555",
        "id": "CVE-2022-44635-597218cc",
        "target": {
            "function": "getRepository",
            "file": "fineract-provider/src/main/java/org/apache/fineract/infrastructure/documentmanagement/contentrepository/ContentRepositoryFactory.java"
        }
    },
    {
        "digest": {
            "function_hash": "157657476025850870008571117033628322714",
            "length": 3823.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/90f854b68886458a466b048807c26ccf31a6f555",
        "id": "CVE-2022-44635-6327e7c9",
        "target": {
            "function": "importWorkbook",
            "file": "fineract-provider/src/main/java/org/apache/fineract/infrastructure/bulkimport/service/BulkImportWorkbookServiceImpl.java"
        }
    },
    {
        "digest": {
            "function_hash": "26956595322337464863796696460997867577",
            "length": 189.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/90f854b68886458a466b048807c26ccf31a6f555",
        "id": "CVE-2022-44635-76bd76fb",
        "target": {
            "function": "fetchFile",
            "file": "fineract-provider/src/main/java/org/apache/fineract/infrastructure/documentmanagement/contentrepository/FileSystemContentRepository.java"
        }
    },
    {
        "digest": {
            "function_hash": "30630720117791817568375142309863450194",
            "length": 429.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/90f854b68886458a466b048807c26ccf31a6f555",
        "id": "CVE-2022-44635-b550839f",
        "target": {
            "function": "writeFileToFileSystem",
            "file": "fineract-provider/src/main/java/org/apache/fineract/infrastructure/documentmanagement/contentrepository/FileSystemContentRepository.java"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "290733147405363131716157170297744781350",
                "171742514963178480549000533520817147315",
                "244380651064171403430122504524034556143",
                "131848830385009185904888027080565249462",
                "129577151012537404100882675339538719584",
                "183561973388541304953387592703538882919",
                "1691888000511687589916469772540395210",
                "271295491802697536272128188030790518155",
                "327914174205727439095868789368031542897",
                "14281999096349903483211911451291779731",
                "11535685915387106111168195390214828378",
                "306724374184274026143505056666197592396",
                "6776654619753410337660829822110053122",
                "207812146613396057472429680533756426851",
                "127623427716121388208177283324602699857",
                "64292456672175456297677707642562845562",
                "79690194290125093357959589596519056883",
                "288972550759624526293532465105540803148",
                "289251155449000591840997886333294855121",
                "58901251288455482757776659545037833407",
                "33080473738526389795181812198602833390",
                "20488657307084144507584292914745951514",
                "235526728289177186276030826610748835886",
                "327204019185754769407271241854738312123",
                "203490035495604507361243294484940380918",
                "142141199368385930371377162242792873902",
                "195568032472403809483290187184977436336",
                "147773012145241670486746096977237550387"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/90f854b68886458a466b048807c26ccf31a6f555",
        "id": "CVE-2022-44635-b88d7014",
        "target": {
            "file": "fineract-provider/src/main/java/org/apache/fineract/infrastructure/documentmanagement/contentrepository/FileSystemContentRepository.java"
        }
    },
    {
        "digest": {
            "function_hash": "219334126834884043840391103125026751225",
            "length": 192.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/90f854b68886458a466b048807c26ccf31a6f555",
        "id": "CVE-2022-44635-c7d47632",
        "target": {
            "function": "deleteFileInternal",
            "file": "fineract-provider/src/main/java/org/apache/fineract/infrastructure/documentmanagement/contentrepository/FileSystemContentRepository.java"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "45804566911881964965880258516855418661",
                "217284974128005338535191930346520843391",
                "119361211039533209476386451460785086097",
                "49675275339262749401929874149555576073",
                "272834530818510120776147932868729265867",
                "84800356107528021590030932152221473990",
                "317596943331555921459978520414809510958",
                "37686261679822523943930741787008863598",
                "337914527217350888079694539185068263376",
                "268110569407540807600615316023020396637",
                "203457291866148430443969551069045152699",
                "67890544069490582692450550907678184963",
                "109647316895975894074387206124706492933"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/90f854b68886458a466b048807c26ccf31a6f555",
        "id": "CVE-2022-44635-cae6753a",
        "target": {
            "file": "fineract-provider/src/main/java/org/apache/fineract/infrastructure/bulkimport/service/BulkImportWorkbookServiceImpl.java"
        }
    },
    {
        "digest": {
            "function_hash": "302613775472807712167292276078157719882",
            "length": 128.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/90f854b68886458a466b048807c26ccf31a6f555",
        "id": "CVE-2022-44635-fc20cb4d",
        "target": {
            "function": "getRepository",
            "file": "fineract-provider/src/main/java/org/apache/fineract/infrastructure/documentmanagement/contentrepository/ContentRepositoryFactory.java"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "183212286132335441830579932720797076092",
                "202533192653601833581495246028596436438",
                "226135292886902465745883409908639081409",
                "224626643227632232292092261257462647430",
                "203079776918701771478985598876749658148",
                "313031135324766457911788947231295226907",
                "310923028817152656633183729501779947494",
                "169365811610944753413855783715440958405",
                "207307924154199858032293986368628953182",
                "235016805383715033138004703861084412691",
                "45219846187101252312196244757190041131",
                "339772509305153306562989924283341513839",
                "46412348323836929219315986860310938086",
                "97509751825814953693542434141419489483"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/90f854b68886458a466b048807c26ccf31a6f555",
        "id": "CVE-2022-44635-ffc213e0",
        "target": {
            "file": "fineract-provider/src/main/java/org/apache/fineract/infrastructure/documentmanagement/contentrepository/ContentRepositoryFactory.java"
        }
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-44635.json"