GHSA-q35w-85pq-rv3x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q35w-85pq-rv3x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-q35w-85pq-rv3x/GHSA-q35w-85pq-rv3x.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-q35w-85pq-rv3x
- Aliases
- Published
- 2022-11-10T12:01:03Z
- Modified
- 2025-09-04T18:57:28.147499Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF
- Details
-
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0.
- Database specific
{ "severity": "HIGH", "nvd_published_at": "2022-11-10T06:15:00Z", "github_reviewed_at": "2025-09-04T18:23:53Z", "github_reviewed": true, "cwe_ids": [ "CWE-552" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-45129
- https://github.com/payara/Payara/issues/6136
- https://github.com/payara/Payara/commit/cccdfddeda71c78ae7b3179db5429e1bb8a56b2e
- https://blog.payara.fish/whats-new-in-the-november-2022-payara-platform-release
- https://docs.payara.fish/community/docs/6.2022.1/Release%20Notes/Release%20Notes%206.2022.1.html
- https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%205.2022.4.html
- https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.45.0.html
- https://github.com/payara/Payara
- https://github.com/payara/Payara/issues?q=FISH-6775
- http://packetstormsecurity.com/files/169864/Payara-Platform-Path-Traversal.html
- http://seclists.org/fulldisclosure/2022/Nov/11
Affected packages
Maven / fish.payara.distributions:payara
Package
- Name
- fish.payara.distributions:payara
- View open source insights on deps.dev
- Purl
- pkg:maven/fish.payara.distributions/payara
Maven / fish.payara.distributions:payara
Package
- Name
- fish.payara.distributions:payara
- View open source insights on deps.dev
- Purl
- pkg:maven/fish.payara.distributions/payara
Affected versions
5.*
5.0.0.Alpha1
5.0.0.Alpha2
5.0.0.Alpha3
5.181
5.182
5.183
5.184
5.191
5.192
5.193
5.193.1
5.194
5.201
5.2020.2
5.2020.3
5.2020.4
5.2020.5
5.2020.6
5.2020.7
5.2021.1
5.2021.2
5.2021.3
5.2021.4
5.2021.5
5.2021.6
5.2021.7
5.2021.8
5.2021.9
5.2021.10
5.2022.1
5.2022.2
5.2022.3
5.2022.4
Maven / fish.payara.distributions:payara
Package
- Name
- fish.payara.distributions:payara
- View open source insights on deps.dev
- Purl
- pkg:maven/fish.payara.distributions/payara