Directory traversal vulnerability in Shapefile parser
Information
CVE Id: CVE-2020-9378
CVSS Base Score: 7.5
Severity: High
CWE classification: CWE-23
Summary
The Shapefile parser in Dataiku DSS before 6.0.5 insufficiently sanitizes zipped Shapefiles, which allows an attacker to overwrite configuration files through crafted zipped Shapefiles.
Affected Products
Dataiku DSS in versions before 6.0.5
Mitigation
Dataiku DSS 6.0.5 has been made available to customers to remediate this issue.