Description
hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.
Remediation
References
https://github.com/hawtio/hawtio/issues/2832
Related Vulnerabilities
CVE-2021-28170 Vulnerability in maven package org.glassfish:jakarta.el
CVE-2020-11987 Vulnerability in maven package org.apache.xmlgraphics:batik-svgbrowser
CVE-2022-41713 Vulnerability in npm package deep-object-diff
CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15on
CVE-2020-1731 Vulnerability in maven package org.keycloak:keycloak-core