CVE-2014-8114
UberFire Framework Improperly Restricts Paths
EPSS 1.8%
Description
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
How to fix CVE-2014-8114
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Maven/org.uberfire:uberfire-parent: no fix listed
Is CVE-2014-8114 being exploited?
Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.uberfire:uberfire-parent: >= 0.3.0.Beta5, <= 0.3.1.Final