AppFormer/uberfire

Releases93

Frequency2 weeks 5 days

Last Release over 8 years ago

Stars84

Uberfire Framework

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2014-8114 ↗	Feb 20, 2015Friday, 20 February 2015, 16:59	—	6.8 MEDIUM
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.