Back to search
CVE-2018-11789
Published: Mar 18, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.
| Vendor | Product | Versions |
|---|---|---|
n/a | Apache Incubator Heron | affected Apache Incubator Heron 0.13.0 to 0.17.8 |
References
[heron-dev] 20190306 [CVE-2018-11789] Apache Incubator Heron file access vulnerability
mailing-list
x_refsource_MLIST
107430
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now