CyberSec.Space Logo
Back to CVE Browser

CVE-2017-5869

HIGH
8.8
CVSS Severity Score
EPSS Score0.0330%
EPSS Percentile13.15th
PublishedMar 24, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.

Affected Platforms (CPE)

πŸ“¦
Nuxeo

Nuxeo

= 6.0
πŸ“¦
Nuxeo

Nuxeo

= 7.1
πŸ“¦
Nuxeo

Nuxeo

= 7.2
πŸ“¦
Nuxeo

Nuxeo

= 7.3

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2017/03/23/6
πŸ”— http://www.securityfocus.com/bid/97083
πŸ”— https://sysdream.com/news/lab/2017-03-23-cve-2017-5869-nuxeo-platform-remote-code-execution/
πŸ”— https://www.exploit-db.com/exploits/41748/
πŸ”— http://www.openwall.com/lists/oss-security/2017/03/23/6
πŸ”— http://www.securityfocus.com/bid/97083
πŸ”— https://sysdream.com/news/lab/2017-03-23-cve-2017-5869-nuxeo-platform-remote-code-execution/
πŸ”— https://www.exploit-db.com/exploits/41748/

Related Vulnerabilities

CVE-2013-45219.8

RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deseri...

CVE-2021-328285.4

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the `oau...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...