1.9.23
9 years ago
6 months ago
Known vulnerabilities in the org.wso2.carbon.identity.auth.rest:org.wso2.carbon.identity.auth.service package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for freeVulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Arbitrary File Upload due to improper validation of user input, a malicious actor could upload an arbitrary file to a user-controlled location of the server. By leveraging the arbitrary file upload vulnerability, it is further possible to gain remote code execution on the server. Note: The vulnerable components are:
How to fix Arbitrary File Upload? Upgrade | [,1.4.50) |