Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives
Vulnerability Description
A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Apache UIMA 路径遍历漏洞
Vulnerability Description
Apache UIMA是美国阿帕奇(Apache)基金会的一个组件化的软件架构。用于分析同终端用户相关联的大容量非结构化信息。 Apache UIMA 3.3.0及之前版本存在路径遍历漏洞,该漏洞源于相对路径遍历,允许攻击者使用精心设计的ZIP条目名称在指定目标目录之外创建文件。
CVSS Information
N/A
Vulnerability Type
N/A