Lucene search
Veracode Vulnerability DatabaseVERACODE:40594HistoryMay 19, 2023 - 5:17 a.m.
Remote Code Execution (RCE)
2023-05-1905:17:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
remote code execution
openmeetings
null-byte injection
software
0.001 Low
EPSS
Percentile
30.7%
openmeetings is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the library does not properly validate the paths, which allows an attacker to perform malicious code execution through the null-byte injection.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openmeetings db | le | 7.0.0 | |
| openmeetings db | le | 7.0.0 |
References
github.com/advisories/GHSA-mg5h-f3q8-c96g
github.com/apache/openmeetings/commit/8e65a1344157b2898f2922d49a0bd2105687c4a5
github.com/apache/openmeetings/commit/9f12a48994d0ad741ac140c52cbd2152f0d048d5
github.com/apache/openmeetings/commit/f91ff1917027625f066a9007694a31d06e69df3a
issues.apache.org/jira/browse/OPENMEETINGS-2765
lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr
Related
osv
osv
CVE-2023-29246
2023-05-12 08:15:08
nvd
nvd
CVE-2023-29246
2023-05-12 08:15:08
github
github
prion
prion
Design/Logic Flaw
2023-05-12 08:15:00
cve
cve
CVE-2023-29246
2023-05-12 08:15:08
cnvd
cnvd
Apache OpenMeetings Code Execution Vulnerability
2023-05-17 00:00:00
cvelist
cvelist
CVE-2023-29246 Apache OpenMeetings: allows null-byte Injection
2023-05-12 07:43:20
openvas
openvas
Apache OpenMeetings 2.0.0 < 7.1.0 Multiple Vulnerabilities
2023-05-15 00:00:00
thn
thn