GHSA-fj6c-prgj-gr3r

Suggest an improvement
Source
https://github.com/advisories/GHSA-fj6c-prgj-gr3r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fj6c-prgj-gr3r/GHSA-fj6c-prgj-gr3r.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-fj6c-prgj-gr3r
Aliases
  • CVE-2010-3718
Published
2022-05-14T01:17:02Z
Modified
2024-02-21T20:24:53Z
Summary
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Details

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.0.4

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.0.30

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.5.30