Directory traversal vulnerability in Shapefile parser
Information
- CVE Id: CVE-2020-9378
- CVSS Base Score: 7.5
- Severity: High
- CWE classification: CWE-23
Summary
The Shapefile parser in Dataiku DSS before 6.0.5 insufficiently sanitizes zipped Shapefiles, which allows an attacker to overwrite configuration files through crafted zipped Shapefiles.
Affected Products
Dataiku DSS in versions before 6.0.5
Mitigation
Dataiku DSS 6.0.5 has been made available to customers to remediate this issue.