Description
hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.
Remediation
References
https://github.com/hawtio/hawtio/issues/2832
Related Vulnerabilities
CVE-2022-37767 Vulnerability in maven package io.pebbletemplates:pebble
CVE-2018-3721 Vulnerability in maven package org.webjars:lodash
CVE-2022-25760 Vulnerability in npm package accesslog
CVE-2018-3721 Vulnerability in npm package lodash.defaultsdeep
CVE-2011-2087 Vulnerability in maven package org.apache.struts:struts2-javatemplates-plugin