CVE-2022-26884: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

October 28, 2022 (updated October 31, 2022)

Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.

References

www.openwall.com/lists/oss-security/2022/10/28/2
lists.apache.org/thread/xfdst5y4hnrm2ntmc5jzrgmw2htyyb9c
nvd.nist.gov/vuln/detail/CVE-2022-26884

Code Behaviors & Features

Detect and mitigate CVE-2022-26884 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →