GHSA-3g5w-6pw7-6hrp

Suggest an improvement
Source
https://github.com/advisories/GHSA-3g5w-6pw7-6hrp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-3g5w-6pw7-6hrp/GHSA-3g5w-6pw7-6hrp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-3g5w-6pw7-6hrp
Aliases
  • CVE-2022-2712
Published
2023-01-27T12:30:29Z
Modified
2023-11-08T04:08:56.085788Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Path Traversal In Eclipse GlassFish
Details

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.

References

Affected packages

Maven / org.glassfish.main.web:web

Package

Name
org.glassfish.main.web:web
View open source insights on deps.dev
Purl
pkg:maven/org.glassfish.main.web/web

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.1.0
Fixed
7.0.0

Affected versions

5.*

5.1.0

6.*

6.0.0-M1
6.0.0-RC1
6.0.0-RC2
6.0.0-RC3
6.0.0-RC4
6.0.0
6.1.0
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5

7.*

7.0.0-M1
7.0.0-M2
7.0.0-M3
7.0.0-M4
7.0.0-M10