CVE-2021-32769
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-32769
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32769.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-32769
- Aliases
- Published
- 2021-07-16T19:15:07Z
- Modified
- 2024-05-14T08:49:14.003858Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs because Micronaut does not restrict file access to configured paths. The vulnerability is patched in version 2.5.9. As a workaround, do not use
**in mapping, use only*, which exposes only flat structure of a directory not allowing traversal. If using Linux, another workaround is to run micronaut in chroot. - References
Affected packages
Git / github.com/micronaut-projects/micronaut-core
Affected ranges
- Type
- GIT
- Repo
- https://github.com/micronaut-projects/micronaut-core
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.0.0.M1
v1.0.0.M2
v1.0.0.M3
v1.0.0.M4
v1.0.0.RC1
v1.0.0.RC2
v1.0.0.RC3
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.1.0
v1.1.0.M1
v1.1.0.M2
v1.1.0.RC1
v1.1.0.RC2
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.2.0
v1.2.0.RC1
v1.2.0.RC2
v1.2.1
v1.2.10
v1.2.11
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.2.9
v1.3.0
v1.3.0.M1
v1.3.0.M2
v1.3.0.RC1
v1.3.0.TEST
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v2.*
v2.0.0
v2.0.0.M1
v2.0.0.M2
v2.0.0.M3
v2.0.0.RC1
v2.0.0.RC2
v2.0.1
v2.0.2
v2.0.3
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8