Описание
A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely.
Ссылки
- ExploitIssue TrackingVendor Advisory
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 6.1 (включая)
cpe:2.3:a:lsfusion:lsfusion_platform:*:*:*:*:*:*:*:*
EPSS
Процентиль: 23%
0.00075
Низкий
6.3 Medium
CVSS3
9.1 Critical
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 6.3
github
3 месяца назад
lsFusion Server is vulnerable to Path Traversal through its unpackFile function
EPSS
Процентиль: 23%
0.00075
Низкий
6.3 Medium
CVSS3
9.1 Critical
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-22