PT-2021-12855 · Apache · Apache Asterixdb

Yiming Xiang

Published

2021-03-01

Updated

2021-03-08

CVE-2020-9479

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Apache AsterixDB versions between commits 580b81aa5e8888b8e1b0620521a1c9680e54df73 and 28c0ee84f1387ab5d0659e9e822f4e3923ddc22d

Description: When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue did not affect any released versions of Apache AsterixDB.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-9479

Affected Products

Apache Asterixdb

PT-2021-12855 · Apache · Apache Asterixdb

CVE-2020-9479

Weakness Enumeration

Related Identifiers

Affected Products

References · 6