GHSA-9g8w-pjpr-prr4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9g8w-pjpr-prr4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9g8w-pjpr-prr4/GHSA-9g8w-pjpr-prr4.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9g8w-pjpr-prr4
- Aliases
- Published
- 2022-05-13T01:36:55Z
- Modified
- 2023-11-08T03:59:18.391733Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Path Traversal in io.hawt:project
- Details
-
hawtio before versions 2.0-beta-1, 2.0-beta-2, 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 are vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
- Database specific
{ "cwe_ids": [ "CWE-22" ], "github_reviewed": true, "severity": "HIGH", "github_reviewed_at": "2022-11-04T20:36:05Z", "nvd_published_at": "2018-05-08T17:29:00Z" }- References
Affected packages
Maven / io.hawt:project
Package
- Name
- io.hawt:project
- View open source insights on deps.dev
- Purl
- pkg:maven/io.hawt/project
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.5.0
Affected versions
1.*
1.0
1.1
1.2-M1
1.2-M2
1.2-M3
1.2-M4
1.2-M5
1.2-M6
1.2-M7
1.2-M8
1.2-M9
1.2-M10
1.2-M11
1.2-M13
1.2-M14
1.2-M16
1.2-M19
1.2-M20
1.2-M22
1.2-M23
1.2-M24
1.2-M25
1.2-M26
1.2-M27
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.4.10
1.4.11
1.4.12
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.30
1.4.31
1.4.32
1.4.33
1.4.34
1.4.35
1.4.36
1.4.37
1.4.38
1.4.39
1.4.40
1.4.41
1.4.42
1.4.43
1.4.44
1.4.45
1.4.46
1.4.47
1.4.48
1.4.49
1.4.50
1.4.51
1.4.52
1.4.53
1.4.54
1.4.55
1.4.56
1.4.57
1.4.58
1.4.59
1.4.60
1.4.61
1.4.62
1.4.63
1.4.64
1.4.65
1.4.66
1.4.67
1.4.68