CVSS Score

The vulnerability stems from the `allocateFile` function's lack of path normalization and validation. The patch adds a critical check using `Path.normalize()` and `startsWith()` to prevent directory traversal. The associated test case explicitly exercises this function with a malicious path, confirming its role in the vulnerability. The CWE-22 classification and the commit message further corroborate this as the root cause.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.openrefine:main | maven | < 3.2-beta | 3.2-beta |
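To make the fix pattern concrete, the following is an added example (not OpenRefine's own code) of the unchecked behaviour beside the normalize-and-`startsWith` check the advisory describes. The function names, the base directory and the sample inputs are assumptions chosen for illustration; only the defensive idea (normalize the candidate, then require it to stay under the base directory) is taken from the page.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafeFileAllocation {

    // Hypothetical stand-in for the unpatched behaviour: the requested name is
    // joined to the base directory with no check, so a name such as
    // "../escape.txt" resolves outside the intended directory.
    static Path allocateFileUnchecked(Path baseDir, String requestedName) {
        return baseDir.resolve(requestedName);
    }

    // Hardened version, mirroring the patch described in the advisory:
    // normalize the candidate path and require that it still lies under the
    // (absolute, normalized) base directory.
    static Path allocateFile(Path baseDir, String requestedName) {
        Path base = baseDir.toAbsolutePath().normalize();
        // resolve() returns requestedName itself when it is absolute, so an
        // absolute input is also caught by the startsWith check below.
        Path candidate = base.resolve(requestedName).normalize();
        // Path.startsWith compares whole path components, so "/data/files"
        // is not treated as a prefix of "/data/files-other". Checking the
        // String form with String.startsWith would have that weakness.
        if (!candidate.startsWith(base)) {
            throw new IllegalArgumentException(
                    "Path escapes base directory: " + requestedName);
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample: an assumed upload directory and a mix of
        // benign and traversal-style names.
        Path base = Paths.get("/var/app/uploads");
        String[] inputs = {
                "report.csv",
                "sub/dir/report.csv",
                "../escape.txt",
                "a/../../escape.txt",
                "/etc/hostname"
        };
        for (String name : inputs) {
            System.out.println("unchecked: " + name + " -> "
                    + allocateFileUnchecked(base, name).normalize());
            try {
                System.out.println("checked:   " + name + " -> "
                        + allocateFile(base, name));
            } catch (IllegalArgumentException e) {
                System.out.println("checked:   " + name + " -> rejected ("
                        + e.getMessage() + ")");
            }
        }
    }
}
```

Two points worth keeping in mind when applying this pattern: `normalize()` only removes `.` and `..` elements textually and does not follow symbolic links, so if the base directory may contain symlinks, comparing `toRealPath()` results gives a stronger guarantee; and the comparison must be done on `Path` objects, not on their `String` form, for the component-wise prefix semantics shown in the comments.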