CVE-2019-17572: Path Traversal
In Apache RocketMQ, when automatic topic creation in the broker is turned on by default and a malicious topic name such as ../../../../topic2020 is sent from rocketmq-client to the broker, a topic folder is created in the parent directory on the broker, which leads to a directory traversal vulnerability.
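One way a broker-side check could reject such names before any directory is created, shown as an added example (it is not RocketMQ's own code or its actual fix). The class name, the allowed character set and the 127-character limit are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

public class TopicPathCheck {
    // Assumed allow-list: letters, digits, '_', '-', '%'. No '.', '/' or '\'.
    private static final Pattern VALID_TOPIC =
            Pattern.compile("^[%a-zA-Z0-9_-]{1,127}$");

    /** Returns the directory for a topic, or throws if the name could leave storeRoot. */
    static Path topicDir(Path storeRoot, String topic) {
        // First check: reject anything outside the allow-list (covers "..", "/", empty).
        if (topic == null || !VALID_TOPIC.matcher(topic).matches()) {
            throw new IllegalArgumentException("illegal topic name: " + topic);
        }
        Path root = storeRoot.toAbsolutePath().normalize();
        Path dir = root.resolve(topic).normalize();
        // Second, independent check: the result must be a direct child of the root,
        // so a later loosening of the pattern cannot reintroduce traversal.
        if (!root.equals(dir.getParent())) {
            throw new IllegalArgumentException("topic escapes store root: " + topic);
        }
        return dir;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a temporary store root and a mix of topic names,
        // including the traversal name quoted in the advisory.
        Path root = Files.createTempDirectory("store-demo");
        String[] samples = {"orders", "TopicTest_1", "../../../../topic2020", "a/b", "..", ""};
        for (String t : samples) {
            try {
                Path dir = Files.createDirectories(topicDir(root, t));
                System.out.println("created  " + root.relativize(dir));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + e.getMessage());
            }
        }
    }
}
```

Only the first two sample names produce a directory; the other four are rejected before the filesystem is touched.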