Security Advisory

CVE-2017-5869

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-03-24 14:00:00

Last updated 2024-08-05 15:11:48

Assigner mitre

State PUBLISHED

Description

Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.

← Browse all CVEs View on cve.org ↗