Nuxeo · Nuxeo Platform · CVE-2017-5869
**Name of the Vulnerable Software and Affected Versions**
Nuxeo Platform versions 6.0 through 7.3
**Description**
A directory traversal vulnerability in the file import feature allows remote authenticated users to upload and execute arbitrary JSP code via a `..` (dot dot) in the `X-File-Name` header.
**Recommendations**
For Nuxeo Platform versions 6.0 through 7.3, consider restricting access to the file import feature until a fix is available, and do not allow `X-File-Name` header values that contain `..` (dot dot) sequences.
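
The check below is an added example, not Nuxeo's code or its fix: it shows how a client-supplied file name such as the `X-File-Name` value can be validated before it is joined to an upload directory, beside the generic unsafe join. The class, method names, directory and sample values are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
// Added illustration, not Nuxeo code. All names and paths here are hypothetical.
public class UploadNameCheck {
    // Generic unsafe pattern: the header value is joined to the directory as-is,
    // so ".." components walk out of it.
    static Path naiveResolve(Path uploadDir, String headerValue) {
        return uploadDir.resolve(headerValue).normalize();
    }
    // Hardened form: accept a single path component only, then confirm the
    // normalized result is still inside the upload directory.
    static Path safeResolve(Path uploadDir, String headerValue) throws IOException {
        if (headerValue == null || headerValue.isEmpty()
                || headerValue.indexOf('/') >= 0 || headerValue.indexOf('\\') >= 0
                || headerValue.indexOf('\0') >= 0
                || headerValue.equals(".") || headerValue.equals("..")) {
            throw new IOException("rejected file name");
        }
        Path base = uploadDir.toAbsolutePath().normalize();
        Path target;
        try {
            target = base.resolve(headerValue).normalize();
        } catch (InvalidPathException e) {
            throw new IOException("rejected file name", e);
        }
        // Component-wise prefix check; a string prefix test would also accept
        // sibling directories such as "uploads-old".
        if (!target.startsWith(base) || target.equals(base)) {
            throw new IOException("path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        Path dir = Paths.get("/srv/app/uploads");                  // hypothetical directory
        String[] samples = {"report.pdf", "../../web/x.jsp", "..\\x.jsp", ".."}; // constructed
        for (String s : samples) {
            System.out.println("naive: " + s + " -> " + naiveResolve(dir, s));
            try {
                System.out.println("safe:  " + s + " -> " + safeResolve(dir, s));
            } catch (IOException e) {
                System.out.println("safe:  " + s + " -> " + e.getMessage());
            }
        }
    }
}
```

Only the plain file name is accepted by the hardened method; every sample containing a separator or a dot-only name is rejected before any path is built.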