org.wso2.carbon.identity.auth.rest:org.wso2.carbon.identity.auth.service@1.4.40 vulnerabilities

  • latest version

    1.9.9

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    6 months ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.wso2.carbon.identity.auth.rest:org.wso2.carbon.identity.auth.service package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • C
    Arbitrary File Upload

    Affected versions of this package are vulnerable to Arbitrary File Upload due to improper validation of user input. A malicious actor could upload an arbitrary file to a user-controlled location on the server. By leveraging the arbitrary file upload vulnerability, it is further possible to gain remote code execution on the server.

    Note: The vulnerable components are:

    1. WSO2 API Manager 2.2.0 and above

    2. WSO2 Identity Server 5.2.0 and above

    3. WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, 5.6.0

    4. WSO2 Identity Server as Key Manager 5.3.0 and above

    5. WSO2 Enterprise Integrator 6.2.0 and above

    How to fix Arbitrary File Upload?

    Upgrade org.wso2.carbon.identity.auth.rest:org.wso2.carbon.identity.auth.service to version 1.4.50 or higher.

    [,1.4.50)