Description
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2015-0234.html
http://rhn.redhat.com/errata/RHSA-2015-0235.html
http://www.securityfocus.com/bid/88199
https://github.com/uberfire/uberfire/commit/21ec50eb15
Related Vulnerabilities
CVE-2018-1000863 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-30542 Vulnerability in npm package @openzeppelin/contracts
CVE-2023-32994 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp
CVE-2022-40764 Vulnerability in npm package snyk-go-plugin
CVE-2018-1999034 Vulnerability in maven package com.inedo.proget:inedo-proget