Maven package
org.fitnesse/fitnesse
pkg:maven/org.fitnesse/fitnesse
Vulnerabilities (5)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-42499 | Med | 5.3 | | < 20241026 | 20241026 | Nov 15, 2024 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file co |
| CVE-2024-39610 | — | | | < 20241026 | 20241026 | Nov 15, 2024 | Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product. |
| CVE-2024-28125 | Cri | 9.8 | | <= 20240707 | — | Mar 18, 2024 | FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation. |
| CVE-2024-28128 | — | | | < 20220319 | 20220319 | Mar 18, 2024 | Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain paramet |
| CVE-2014-1216 | — | | | >= 20131110, < 20140418 | 20140418 | Apr 22, 2014 | FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page. |