Eclipse Kura is affected by CVE-2014-0050 and CVE-2013-0248 due to the use of Apache FileUpload 1.2.2. While Eclipse Kura gateways probably often don't expose their web interface to malicious users in the first place, this is still a serious issue and could cause devices to become unresponsive if they don't have any watchdog mechanism in place. Updating the code to use a version greater than 1.3.2 for FileUpload would remove the vulnerability.

[1] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050
[2] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0248

Hello,

This issue has been addressed with this issue [1] and this pull request [2]. The updates will be included in the next release of Kura.

[1] https://github.com/eclipse/kura/issues/1282
[2] https://github.com/eclipse/kura/pull/1285

Thanks,
--Dave

This has been resolved in 2017.