CVE-2018-1316

Name of the Vulnerable Software and Affected Versions Apache ODE versions prior to 1.3.3

Description The issue allowed directory traversal through the ODE process deployment web service by using a path for the name in deployment messages. This could result in writing files to unwanted locations, overwriting existing files, or deleting them.

Recommendations For versions prior to 1.3.3, update to Apache ODE version 1.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the deployment web service to minimize the risk of exploitation.