{"uuid": "513252e2-53bc-4e95-9420-21efe655a545", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-17572", "type": "seen", "source": "https://t.me/cibsecurity/12072", "content": "ATENTION\u203c New - CVE-2019-17572\n\nIn Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like \u00e2\u20acœ../../../../topic2020\u00e2\u20ac\ufffd is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-14T20:34:28.000000Z"}