org.wso2.carbon:org.wso2.carbon.ui@4.7.0-m8 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.wso2.carbon:org.wso2.carbon.ui package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • [C] Arbitrary File Upload

org.wso2.carbon:org.wso2.carbon.ui is a package that provides the Carbon UI.

Affected versions of this package are vulnerable to Arbitrary File Upload due to improper validation of user input: a malicious actor could upload an arbitrary file to a user-controlled location on the server. By leveraging the arbitrary file upload vulnerability, it is further possible to gain remote code execution on the server.

Note: The vulnerable components are:

  1. WSO2 API Manager 2.2.0 and above

  2. WSO2 Identity Server 5.2.0 and above

  3. WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, 5.6.0

  4. WSO2 Identity Server as Key Manager 5.3.0 and above

  5. WSO2 Enterprise Integrator 6.2.0 and above

How to fix Arbitrary File Upload?

Upgrade org.wso2.carbon:org.wso2.carbon.ui to version 4.7.0-m9 or higher.

Vulnerable versions: [,4.7.0-m9) (all versions below 4.7.0-m9)