CVE-2016-2164: Information Exposure

April 11, 2016 (updated October 9, 2018)

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.

References

openmeetings.apache.org/security.html
nvd.nist.gov/vuln/detail/CVE-2016-2164

Code Behaviors & Features

Detect and mitigate CVE-2016-2164 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →