org.wso2.carbon:org.wso2.carbon.core.services@4.4.25 vulnerabilities
-
latest version
4.10.15
-
latest non vulnerable version
-
first published
7 years ago
-
latest version published
2 months ago
-
licenses detected
- [4.4.19,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.wso2.carbon:org.wso2.carbon.core.services package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
org.wso2.carbon:org.wso2.carbon.core.services is a core of the next-generation WSO2 Carbon platform. Affected versions of this package are vulnerable to Arbitrary File Upload due to improper validation of user input, a malicious actor could upload an arbitrary file to a user-controlled location of the server. By leveraging the arbitrary file upload vulnerability, it is further possible to gain remote code execution on the server. Note: The vulnerable components are:
How to fix Arbitrary File Upload? Upgrade |
[,4.7.0-m9)
|