Vulnerability	Vulnerable Version
C Arbitrary File Upload org.wso2.carbon:wso2carbon-core is a core of the next-generation WSO2 Carbon platform. Affected versions of this package are vulnerable to Arbitrary File Upload due to improper validation of user input, a malicious actor could upload an arbitrary file to a user-controlled location of the server. By leveraging the arbitrary file upload vulnerability, it is further possible to gain remote code execution on the server. Note: The vulnerable components are: WSO2 API Manager 2.2.0 and above WSO2 Identity Server 5.2.0 and above WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, 5.6.0 WSO2 Identity Server as Key Manager 5.3.0 and above WSO2 Enterprise Integrator 6.2.0 and above How to fix Arbitrary File Upload? Upgrade `org.wso2.carbon:wso2carbon-core` to version 4.7.0-m9 or higher.	[,4.7.0-m9)

Arbitrary File Upload

org.wso2.carbon:wso2carbon-core is a core of the next-generation WSO2 Carbon platform.

Affected versions of this package are vulnerable to Arbitrary File Upload due to improper validation of user input, a malicious actor could upload an arbitrary file to a user-controlled location of the server. By leveraging the arbitrary file upload vulnerability, it is further possible to gain remote code execution on the server.

Note: The vulnerable components are:

WSO2 API Manager 2.2.0 and above
WSO2 Identity Server 5.2.0 and above
WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, 5.6.0
WSO2 Identity Server as Key Manager 5.3.0 and above
WSO2 Enterprise Integrator 6.2.0 and above

How to fix Arbitrary File Upload?

Upgrade org.wso2.carbon:wso2carbon-core to version 4.7.0-m9 or higher.

[,4.7.0-m9)

Go back to all versions of this package