GHSA-fmr4-w67p-vh8x

Source

https://github.com/advisories/GHSA-fmr4-w67p-vh8x

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-fmr4-w67p-vh8x/GHSA-fmr4-w67p-vh8x.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-fmr4-w67p-vh8x

Aliases

CVE-2018-1047

Published

2018-10-19T16:55:35Z

Modified

2023-11-08T03:59:43.389687Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Improper Input Validation in org.wildfly:wildfly-undertow

Details

A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.

Database specific

{
    "nvd_published_at": "2018-01-24T23:29:00Z",
    "github_reviewed_at": "2020-06-16T20:49:32Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-20",
        "CWE-22"
    ]
}

References

Affected packages

Maven / org.wildfly:wildfly-undertow

Package

Name: org.wildfly:wildfly-undertow; View open source insights on deps.dev
Purl: pkg:maven/org.wildfly/wildfly-undertow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.0.0

Affected versions

8.*

8.0.0.Alpha1

8.0.0.Alpha2

8.0.0.Alpha3

8.0.0.Alpha4

8.0.0.Beta1

8.0.0.CR1

8.0.0.Final

8.1.0.CR1

8.1.0.CR2

8.1.0.Final

8.2.0.Final

8.2.1.Final

9.*

9.0.0.Alpha1

9.0.0.Beta1

9.0.0.Beta2

9.0.0.CR1

9.0.0.CR2

9.0.0.Final

9.0.1.Final

9.0.2.Final

10.*

10.0.0.Alpha1

10.0.0.Alpha2

10.0.0.Alpha3

10.0.0.Alpha4

10.0.0.Alpha5

10.0.0.Alpha6

10.0.0.Beta1

10.0.0.Beta2

10.0.0.CR1

10.0.0.CR2

10.0.0.CR3

10.0.0.CR4

10.0.0.CR5

10.0.0.Final

10.1.0.CR1

10.1.0.Final

11.*

11.0.0.Alpha1

11.0.0.Beta1

11.0.0.CR1

11.0.0.Final

12.*

12.0.0.Beta1

12.0.0.CR1