CVE-2019-0207

CVSS v3.1 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.18 % (56^th)

Affected Products 1

Advisories 1

Tapestry processes assets /assets/ctx using classes chain StaticFilesFilter -> AssetDispatcher -> ContextResource, which doesn't filter the character \, so attacker can perform a path traversal attack to read any files on Windows platform.

Weaknesses

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2019-09-16 17:15:13
(5 years ago)
Updated Date: 2023-11-07 03:01:49
(10 months ago)

Affected Products

Apache

Tapestry

Configuration #1

		CPE23	From	Up To
	Apache Tapestry from 5.4.0 version and 5.4.4 and prior versions	cpe:2.3:a:apache:tapestry	>= 5.4.0	<= 5.4.4