util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places "../" in the file name, the file can be stored in an unintended directory because of Directory Traversal.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/lingochamp/FileDownloader/issues/1028 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-05-18T18:00:00
Updated: 2024-08-05T08:01:52.872Z
Reserved: 2018-05-18T00:00:00
Link: CVE-2018-11248
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-05-18T18:29:00.327
Modified: 2018-06-20T14:38:19.083
Link: CVE-2018-11248
Redhat
No data.