GHSA-9g8w-pjpr-prr4

Source
https://github.com/advisories/GHSA-9g8w-pjpr-prr4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9g8w-pjpr-prr4/GHSA-9g8w-pjpr-prr4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9g8w-pjpr-prr4
Aliases
Published
2022-05-13T01:36:55Z
Modified
2023-11-08T03:59:18.391733Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Path Traversal in io.hawt:project
Details

hawtio before versions 2.0-beta-1, 2.0-beta-2, 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stack trace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.

Database specific
{
    "nvd_published_at": "2018-05-08T17:29:00Z",
    "github_reviewed_at": "2022-11-04T20:36:05Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Maven / io.hawt:project

Package

Name
io.hawt:project
Purl
pkg:maven/io.hawt/project

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.5.0

Affected versions

1.*

1.0
1.1
1.2-M1
1.2-M2
1.2-M3
1.2-M4
1.2-M5
1.2-M6
1.2-M7
1.2-M8
1.2-M9
1.2-M10
1.2-M11
1.2-M13
1.2-M14
1.2-M16
1.2-M19
1.2-M20
1.2-M22
1.2-M23
1.2-M24
1.2-M25
1.2-M26
1.2-M27
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.4.10
1.4.11
1.4.12
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.30
1.4.31
1.4.32
1.4.33
1.4.34
1.4.35
1.4.36
1.4.37
1.4.38
1.4.39
1.4.40
1.4.41
1.4.42
1.4.43
1.4.44
1.4.45
1.4.46
1.4.47
1.4.48
1.4.49
1.4.50
1.4.51
1.4.52
1.4.53
1.4.54
1.4.55
1.4.56
1.4.57
1.4.58
1.4.59
1.4.60
1.4.61
1.4.62
1.4.63
1.4.64
1.4.65
1.4.66
1.4.67
1.4.68