Description
hawtio 2.17.2 is vulnerable to Path Traversal. It is possible to supply malicious zip files whose high-risk contents are, after decompression, stored in any location, which can even lead to file overwrite.
Remediation
References
https://github.com/hawtio/hawtio/issues/2832
Related Vulnerabilities
CVE-2023-29526 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2021-39234 Vulnerability in maven package org.apache.ozone:ozone-common
CVE-2020-27216 Vulnerability in maven package jetty:jetty
CVE-2021-41184 Vulnerability in maven package org.webjars.bower:jquery-ui
CVE-2021-4264 Vulnerability in maven package org.webjars:dustjs-linkedin