{"id":"GHSA-cpp8-r8pr-wv4v","summary":"Apache Storm log viewer path traversal vulnerability","details":"Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a `..` (dot dot) in the file parameter to log.","aliases":["CVE-2014-0115"],"modified":"2023-11-08T03:57:31.871812Z","published":"2022-05-17T00:24:06Z","database_specific":{"nvd_published_at":"2017-10-30T16:29:00Z","github_reviewed":true,"github_reviewed_at":"2023-08-16T22:45:20Z","cwe_ids":["CWE-22"],"severity":"HIGH"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0115"},{"type":"WEB","url":"https://issues.apache.org/jira/browse/STORM-269"},{"type":"WEB","url":"https://mail-archives.apache.org/mod_mbox/storm-dev/201404.mbox/%3CJIRA.12704141.1395964296891.201561.1398799995645@arcas%3E"}],"affected":[{"package":{"name":"org.apache.storm:storm","ecosystem":"Maven","purl":"pkg:maven/org.apache.storm/storm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.9.0.1"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cpp8-r8pr-wv4v/GHSA-cpp8-r8pr-wv4v.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}