cld378632668 JavaMall Path Traversal Vulnerability in MinioController Delete Function

Vulnerability

A path traversal vulnerability allowing arbitrary file deletion has been identified in cld378632668 JavaMall versions through 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. The issue is in the delete function of MinioController.java. The objectName parameter is insufficiently validated and can be manipulated to traverse directories. The flaw can be exploited remotely, allowing attackers to delete arbitrary files on the server.

Impact

Exploitation of this vulnerability could result in unauthorized deletion of files, potentially causing data loss or disruption of service.

Remediation

It is recommended to implement proper validation of file names and extensions in the delete function. Additionally, restrictions should be applied to prevent directory traversal attacks, ensuring that only intended files can be deleted.
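
One way to apply the validation recommended above before a delete call is made. This is an added example, not JavaMall's code or its fix: the class name ObjectNameValidator, the virtual root, the length limit and the extension allow-list are all assumptions for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;

public final class ObjectNameValidator {
    // Assumed allow-list; set it to the file types the application really stores.
    private static final Set<String> ALLOWED_EXT = Set.of("jpg", "jpeg", "png", "gif", "pdf");
    // Virtual root used only for the containment check; nothing is read from disk.
    private static final Path ROOT = Paths.get("/object-root");
    /** Returns objectName unchanged if it is safe to delete, otherwise throws. */
    public static String validate(String objectName) {
        if (objectName == null || objectName.isEmpty() || objectName.length() > 255)
            throw new IllegalArgumentException("empty or over-long object name");
        // Control characters (incl. NUL), backslashes and leftover percent-encoding
        // are rejected outright: each can hide a second layer of "../".
        for (char c : objectName.toCharArray())
            if (c < 0x20 || c == 0x7f || c == '\\' || c == '%')
                throw new IllegalArgumentException("illegal character in object name");
        if (objectName.startsWith("/"))
            throw new IllegalArgumentException("absolute object name");
        Path resolved = ROOT.resolve(objectName).normalize();
        // Containment: the normalized path must stay strictly below the root.
        if (!resolved.startsWith(ROOT) || resolved.equals(ROOT))
            throw new IllegalArgumentException("object name escapes the storage root");
        // Canonical form only ("a/../b.png", "./b.png" refused); assumes '/' separator (POSIX).
        if (!ROOT.relativize(resolved).toString().equals(objectName))
            throw new IllegalArgumentException("object name is not in canonical form");
        String file = resolved.getFileName().toString();
        int dot = file.lastIndexOf('.');
        String ext = dot < 0 ? "" : file.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext))
            throw new IllegalArgumentException("extension not allowed: " + ext);
        return objectName;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the advisory.
        String[] samples = { "products/2026/cover.png", "../../etc/passwd",
            "products/../../app.jar", "/etc/hosts", "a\\..\\b.png", "%2e%2e/x.png", "notes.sh" };
        for (String s : samples) {
            try {
                System.out.println("ALLOW  " + validate(s));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first sample is allowed; every other input is rejected before it could reach a storage or filesystem delete call.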

Added: Jan 5, 2026, 1:18 AM
Updated: Jan 5, 2026, 1:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.