CVE-2017-15712: Path Traversal

February 19, 2018 (updated March 16, 2018)

This vulnerability allows a user of Apache Oozie to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.

References

www.securityfocus.com/bid/103102
nvd.nist.gov/vuln/detail/CVE-2017-15712

Detect and mitigate CVE-2017-15712 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →