CVE-2019-0207
CVSS v3.1
7.5 (High)
CVSS v2.0
5 (Medium)
EPSS
0.18 % (56th)
Affected Products
1
Advisories
1
Tapestry processes assets /assets/ctx
using classes chain StaticFilesFilter -> AssetDispatcher -> ContextResource
, which doesn't filter the character \
, so attacker can perform a path traversal attack to read any files on Windows platform.
Weaknesses
- CWE-22
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CVE Status
- PUBLISHED
- CNA
- Apache Software Foundation
- Published Date
-
2019-09-16 17:15:13
(5 years ago) - Updated Date
-
2023-11-07 03:01:49
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...