Количество 2
Количество 2
CVE-2019-17572
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later.
GHSA-5x3v-2gxr-59m2
Directory traversal in Apache RocketMQ
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-17572 In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later. | CVSS3: 5.3 | 2% Низкий | больше 5 лет назад |
| GHSA-5x3v-2gxr-59m2 Directory traversal in Apache RocketMQ | 2% Низкий | больше 5 лет назад |
Уязвимостей на страницу