GHSA-jf7g-5q92-4hp2

Suggest an improvement
Source
https://github.com/advisories/GHSA-jf7g-5q92-4hp2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jf7g-5q92-4hp2/GHSA-jf7g-5q92-4hp2.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-jf7g-5q92-4hp2
Aliases
Published
2022-05-14T03:35:05Z
Modified
2023-11-01T04:48:56.180086Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Apache ODE Path Traversal vulnerability
Details

The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion. This issue was addressed in Apache ODE 1.3.3 which was released in 2009, however the incorrect name CVE-2008-2370 was used on the advisory by mistake.

Database specific
{
    "nvd_published_at": "2018-03-05T14:29:00Z",
    "github_reviewed_at": "2022-11-08T21:56:57Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Maven / org.apache.ode:ode

Package

Name
org.apache.ode:ode
View open source insights on deps.dev
Purl
pkg:maven/org.apache.ode/ode

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.3