GHSA-4vwv-x3gp-2j4g

Source
https://github.com/advisories/GHSA-4vwv-x3gp-2j4g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4vwv-x3gp-2j4g/GHSA-4vwv-x3gp-2j4g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-4vwv-x3gp-2j4g
Aliases
  • CVE-2015-3198
Published
2022-05-17T02:19:49Z
Modified
2024-02-16T08:25:10.053097Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The Undertow module of WildFly allows source code disclosure
Details

The Undertow module of WildFly versions 8.1.0.Final, 8.2.0.Final, and 9.0.0.CR1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.

Database specific
{
    "nvd_published_at": "2017-07-21T14:29:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-03T21:24:41Z"
}
References

Affected packages

Maven / org.wildfly:wildfly-parent

Package

Name
org.wildfly:wildfly-parent
Purl
pkg:maven/org.wildfly/wildfly-parent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1.0.Final
Fixed
9.0.0.CR2

Affected versions

8.*

8.1.0.Final
8.2.0.Final
8.2.1.Final

9.*

9.0.0.Alpha1
9.0.0.Beta1
9.0.0.Beta2
9.0.0.CR1

Database specific

{
    "last_known_affected_version_range": "<= 9.0.0.CR1"
}