CVE-2019-18393
24.10.2019, 11:15
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
Vendor | Product | Version |
---|---|---|
igniterealtime | openfire | 𝑥 ≤ 4.4.2 |
𝑥
= Vulnerable software versions