GHSA-mwh9-gr45-xvv4

Source

https://github.com/advisories/GHSA-mwh9-gr45-xvv4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mwh9-gr45-xvv4/GHSA-mwh9-gr45-xvv4.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mwh9-gr45-xvv4

Aliases

CVE-2019-15630

Published

2022-05-24T16:55:15Z

Modified

2024-02-16T08:16:38.068235Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Mule modules contain Directory Traversal

Details

Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway (all versions) released before August 1, 2019 allow remote attackers to read files accessible to the Mule process.

Database specific

{
    "nvd_published_at": "2019-08-30T17:15:00Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-17T23:35:58Z"
}

References

Affected packages

Maven / org.mule.runtime:mule

Package

Name: org.mule.runtime:mule; View open source insights on deps.dev
Purl: pkg:maven/org.mule.runtime/mule

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Last affected

4.1.5

Affected versions

4.*

4.0.0-BETA.4

4.0.0-rc

4.1.1