Vulnerabilities > Apache > Allura > 1.2.1

DATE CVE VULNERABILITY TITLE RISK
2023-11-07 CVE-2023-46851 External Control of File Name or Path vulnerability in Apache Allura
Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments.
Risk: 4.9 (network, low complexity); apache; CWE-73

2019-06-19 CVE-2019-10085 Cross-site Scripting vulnerability in Apache Allura
In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets.
Risk: 6.1 (network, low complexity); apache; CWE-79

2018-03-15 CVE-2018-1319 Injection vulnerability in Apache Allura
In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting.
Risk: 6.1 (network, low complexity); apache; CWE-74

2018-02-06 CVE-2018-1299 Path Traversal vulnerability in Apache Allura
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application.
Risk: 7.5 (network, low complexity); apache; CWE-22