GHSA-c5vw-342h-x5rx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-c5vw-342h-x5rx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c5vw-342h-x5rx/GHSA-c5vw-342h-x5rx.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-c5vw-342h-x5rx
- Aliases
-
- CVE-2006-3936
- Published
- 2022-05-01T07:13:46Z
- Modified
- 2024-02-12T17:26:38.771922Z
- Summary
- Alkacon OpenCms Exposes JSP Source Code
- Details
-
system/workplace/editors/editor.jspin Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated usingindex.jsp. - Database specific
{ "nvd_published_at": "2006-07-31T22:04:00Z", "cwe_ids": [ "CWE-200" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-02-12T17:13:48Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2006-3936
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28001
- https://github.com/alkacon/opencms-core
- https://web.archive.org/web/20061014175017/http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt
- https://web.archive.org/web/20201208142708/http://www.securityfocus.com/archive/1/441182/100/0/threaded
- http://www.opencms.org/opencms/en/shownews.html?id=1002
Affected packages
Maven / org.opencms:opencms-core
Package
- Name
- org.opencms:opencms-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.opencms/opencms-core