'[oss-security] CVE-2022-34271: Apache Atlas: zip path traversal in import functionality'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2022-34271: Apache Atlas: zip path traversal in import functionality
From:       Madhan Neethiraj <madhan () apache ! org>
Date:       2022-12-14 1:07:22
Message-ID: 36682633-71ed-3c1e-9e83-5e5f41d62c94 () apache ! org
[Download RAW message or body]

Severity: moderate

Description:

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web \
server filesystem.  This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.

This issue is being tracked as ATLAS-4622 

Credit:

Huangzhicong (finder)

References:

https://atlas.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-34271
https://issues.apache.org/jira/browse/ATLAS-4622

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic