openmeetings is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the library does not properly validate the paths, which allows an attacker to perform malicious code execution through the null-byte injection.
CPE | Name | Operator | Version |
---|---|---|---|
openmeetings db | le | 7.0.0 | |
openmeetings db | le | 7.0.0 |
github.com/advisories/GHSA-mg5h-f3q8-c96g
github.com/apache/openmeetings/commit/8e65a1344157b2898f2922d49a0bd2105687c4a5
github.com/apache/openmeetings/commit/9f12a48994d0ad741ac140c52cbd2152f0d048d5
github.com/apache/openmeetings/commit/f91ff1917027625f066a9007694a31d06e69df3a
issues.apache.org/jira/browse/OPENMEETINGS-2765
lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr