Description
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | camel | Affected | | |
| Red Hat JBoss Fuse Integration Service 2 | spark-core | Affected | | |
| Red Hat Fuse Integration Services 2.0 based on Fuse 6.3 R7 | spark-core | Fixed | RHSA-2018:2405 | 14.08.2018 |
| Red Hat JBoss A-MQ 6.3 | camel | Fixed | RHSA-2018:2020 | 26.06.2018 |
| Red Hat JBoss Fuse 6.3 | camel | Fixed | RHSA-2018:2020 | 26.06.2018 |
Additional information
Status:
Moderate
Defect:
CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=1563732
spark: Absolute and relative pathnames allow for unintended static file disclosure
5.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 5.3
nvd
almost 8 years ago
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
CVSS3: 5.3
github
more than 7 years ago
Moderate severity vulnerability that affects com.sparkjava:spark-core