Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-48019

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue.

Published

2025-02-04T19:15:31.733

Last Modified

2025-06-09T19:49:43.753

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-22
CWE-552
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	doris	< 2.1.8	Yes
Application	apache	doris	< 3.0.3	Yes

References

https://lists.apache.org/thread/p70klgmyrgknhn0t195261wvwv5jw6hr Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2025/02/04/2 Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)