com.bstek.ureport:ureport2-core (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package com.bstek.ureport:ureport2-core, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2023-24188 — CVSS 9.1 (critical): ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to…
CVE-2023-24187 — CVSS 7.8 (high): An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to…
CVE-2023-48848 — CVSS 7.5 (high): An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a…