CVE-2018-11248

Published: 2018-05-18T18:29Z

Last Modified: 2024-11-21T03:42Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places "../" in the file name, the file can be stored in an unintended directory because of Directory Traversal. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt