Search for packages
| purl | pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@8.3-rc-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-kfau-cw24-aqaq
Aliases: CVE-2022-29253 GHSA-9qrp-h7fw-42hg |
Path Traversal in XWiki Platform ### Impact One can ask for any file located in the classloader using the template API and a path with ".." in it. For example ``` {{template name="../xwiki.hbm.xml"/}} ``` To our knownledge none of the available files of the classloader in XWiki Standard contain any strong confidential data, hence the low confidentiality value of this advisory. ### Patches The issue is patched in versions 14.0 and 13.10.3. ### Workarounds There's no easy workaround for this issue, administrators should upgrade their wiki. ### References * https://jira.xwiki.org/browse/XWIKI-19349 * https://github.com/xwiki/xwiki-platform/commit/4917c8f355717bb636d763844528b1fe0f95e8e2 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki](https://jira.xwiki.org) * Email us at [security mailing list](mailto:security@xwiki.org) |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-03T21:27:05.218163+00:00 | GitLab Importer | Affected by | VCID-kfau-cw24-aqaq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.xwiki.platform/xwiki-platform-oldcore/CVE-2022-29253.yml | 38.1.0 |
| 2026-04-01T16:02:32.761135+00:00 | GHSA Importer | Affected by | VCID-kfau-cw24-aqaq | https://github.com/advisories/GHSA-9qrp-h7fw-42hg | 38.0.0 |