High severity · NVD Advisory · Published Nov 3, 2022 · Updated May 2, 2025
Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives
CVE-2022-32287
Description
A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into a UIMA installation from untrusted sources, because PEAR archives are executable plugins that can perform any action with the same privileges as the host Java Virtual Machine.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.uima:uimaj-core (Maven) | < 3.3.1 | 3.3.1 |
References
- github.com/advisories/GHSA-xgqr-5wqw-9fpv (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-32287 (GHSA, advisory)
- www.openwall.com/lists/oss-security/2022/11/03/4 (GHSA, mailing list, web)
- lists.apache.org/thread/57vk0d79j94d0lk0vol8xn935yv1shdd (GHSA, web)