CVE-2019-18393

Published October 24th, 2019

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

MEDIUM

Affected

PROJECT

Description

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.

igniterealtime/Openfire

An XMPP server licensed under the Open Source Apache License.

GitHub

3.03K