CVE-2023-33544: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

June 1, 2023 (updated June 8, 2023)

hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.

References

github.com/hawtio/hawtio/issues/2832
nvd.nist.gov/vuln/detail/CVE-2023-33544

Code Behaviors & Features

Detect and mitigate CVE-2023-33544 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →