Description
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2015-0234.html
http://rhn.redhat.com/errata/RHSA-2015-0235.html
http://www.securityfocus.com/bid/88199
https://github.com/uberfire/uberfire/commit/21ec50eb15
Related Vulnerabilities
CVE-2018-1000401 Vulnerability in maven package org.jenkins-ci.plugins:aws-codepipeline
CVE-2022-41930 Vulnerability in maven package org.xwiki.platform:xwiki-platform-user-profile-ui
CVE-2023-35925 Vulnerability in maven package com.fastasyncworldedit:fastasyncworldedit-bukkit
CVE-2020-2299 Vulnerability in maven package org.jenkins-ci.plugins:active-directory
CVE-2019-10170 Vulnerability in maven package org.keycloak:keycloak-services