[MAVEN:GHSA-JF7G-5Q92-4HP2] Apache ODE Path Traversal vulnerability

Severity High

Affected Packages 1

Fixed Packages 1

CVEs 1

The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion. This issue was addressed in Apache ODE 1.3.3 which was released in 2009, however the incorrect name CVE-2008-2370 was used on the advisory by mistake.

Package	Affected Version
pkg:maven/org.apache.ode/ode	< 1.3.3

Package	Fixed Version
pkg:maven/org.apache.ode/ode	= 1.3.3

ID: MAVEN:GHSA-JF7G-5Q92-4HP2
Severity: high
URL: https://github.com/advisories/GHSA-jf7g-5q92-4hp2
Published: 2022-05-14T03:35:05
(2 years ago)
Modified: 2023-01-29T05:03:33
(19 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2018-1316
			https://lists.apache.org/thread.html/ce416ddfba1a87f4b8e2d8125f1c3b45d1f0b350af29a4d0405e213b@%3Cuser.ode.apache.org%3E
			http://mail-archives.apache.org/mod_mbox/www-announce/200908.mbox/%3Cfbdc6a970908072141w20a7a9d9ka1f896ad8073dffb%40mail.gmail.com%3E
			https://github.com/advisories/GHSA-jf7g-5q92-4hp2

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.apache.ode/ode	org.apache.ode	ode	< 1.3.3
Fixed	pkg:maven/org.apache.ode/ode	org.apache.ode	ode	= 1.3.3

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date