Описание
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
A path traversal issue was found in Spark version 2.5 and potentially earlier versions. The vulnerability resides in the functionality to serve static files where there's no protection against directory traversal attacks. This could allow attackers access to private files including sensitive data.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Fuse 6 | Camel | Affected | ||
| Red Hat JBoss A-MQ 6.3 | Fixed | RHSA-2017:0868 | 03.04.2017 | |
| Red Hat JBoss Fuse 6.3 | Fixed | RHSA-2017:0868 | 03.04.2017 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1393607Spark: Directory traversal vulnerability in version 2.5
EPSS
Процентиль: 81%
0.01566
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Связанные уязвимости
CVSS3: 7.5
nvd
больше 9 лет назад
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVSS3: 7.5
github
больше 7 лет назад
Spark allows remote attackers to read arbitrary files via a .. (dot dot) in the URI
EPSS
Процентиль: 81%
0.01566
Низкий
7.5 High
CVSS3
5 Medium
CVSS2