GHSA-pffw-p2q5-w6vh
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pffw-p2q5-w6vh
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-pffw-p2q5-w6vh/GHSA-pffw-p2q5-w6vh.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pffw-p2q5-w6vh
- Aliases
- Published
- 2019-04-08T16:23:36Z
- Modified
- 2023-11-08T04:00:32.030969Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war
- Details
-
A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2020-06-16T21:49:01Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-22" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-0225
- https://github.com/advisories/GHSA-pffw-p2q5-w6vh
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225
- https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d@%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9@%3Cuser.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831@%3Cdev.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
- http://www.openwall.com/lists/oss-security/2019/03/26/2
- http://www.securityfocus.com/bid/107627
Affected packages
Maven / org.apache.jspwiki:jspwiki-war
Package
- Name
- org.apache.jspwiki:jspwiki-war
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.jspwiki/jspwiki-war