Description
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2617
https://access.redhat.com/errata/RHSA-2018:0319
http://www.securityfocus.com/bid/96036
Related Vulnerabilities
CVE-2021-23335 Vulnerability in npm package is-user-valid
CVE-2020-28271 Vulnerability in npm package deephas
CVE-2020-26256 Vulnerability in maven package org.webjars.npm:fast-csv
CVE-2020-17510 Vulnerability in maven package org.apache.shiro:shiro-spring-boot-web-starter
CVE-2022-44729 Vulnerability in maven package org.apache.xmlgraphics:batik-svgrasterizer