Description
core/api/datasets/internal/actions/Explode.java in the Dataset API in DKPro Core through 1.10.0 allows Directory Traversal, resulting in the overwrite of local files with the contents of an archive.
Remediation
References
https://github.com/dkpro/dkpro-core/issues/1325
Related Vulnerabilities
CVE-2021-21321 Vulnerability in npm package fastify-reply-from
CVE-2023-29207 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2023-41080 Vulnerability in maven package org.apache.tomcat:tomcat
CVE-2023-25653 Vulnerability in maven package org.webjars.npm:node-jose
CVE-2022-29172 Vulnerability in maven package org.webjars.npm:auth0-lock