In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE) and complete system compromise.
Insufficient path normalization in the Submodel HTTP API causes the fileName parameter passed during file upload operations to not be properly validated. An attacker can upload a crafted fileName parameter value containing path traversal sequences (e.g., '../../'), which allows bypassing intended file storage boundaries. As a result, the Java process writes files to any location in the file system for which it has permissions. The attack requires no authentication or user interaction.
An attacker can write arbitrary files anywhere in the file system accessible to the Java process, which may lead to remote code execution (RCE) and complete system compromise.
Eclipse BaSyx Java Server SDK must be updated to version 2.0.0-milestone-10 or later. Details available in the vendor references: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/423
Eclipse BaSyx Java Server SDK in versions prior to 2.0.0-milestone-10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H