Published: 03/11/2022 Updated: 22/05/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an malicious user to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache uimaj

DescriptionThe MITRE CVE dictionary describes this issue as: A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names This issue affects Apache UIMA Apache UIMA version 330 and ...

CWE-22 https://lists.apache.org/thread/57vk0d79j94d0lk0vol8xn935yv1shdd http://www.openwall.com/lists/oss-security/2022/11/03/4 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2022-32287

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-32287

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect