The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary
files through the backup upload endpoint by using path traversal characters.
This vulnerability is associated with program files PlatformReplicationManager.Java.
This issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.yugabyte.com/ |
![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: Yugabyte
Published: 2023-02-09T16:08:57.723Z
Updated: 2024-08-02T05:24:34.100Z
Reserved: 2023-02-08T12:08:53.977Z
Link: CVE-2023-0745

No data.

Status : Modified
Published: 2023-02-09T17:15:16.553
Modified: 2024-11-21T07:37:44.537
Link: CVE-2023-0745

No data.