GHSA-qmgj-5h75-jr67

Suggest an improvement
Source
https://github.com/advisories/GHSA-qmgj-5h75-jr67
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qmgj-5h75-jr67/GHSA-qmgj-5h75-jr67.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-qmgj-5h75-jr67
Aliases
  • CVE-2006-2758
Published
2022-05-01T07:02:10Z
Modified
2024-02-16T08:11:15.505183Z
Summary
Jetty Directory Traversal Vulnerability
Details

Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.

References

Affected packages

Maven / org.mortbay.jetty:jetty

Package

Name
org.mortbay.jetty:jetty
View open source insights on deps.dev
Purl
pkg:maven/org.mortbay.jetty/jetty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
6.0.beta16

Affected versions

4.*

4.1-rc1
4.1-rc6
4.2.2
4.2.3
4.2.9
4.2.10
4.2.12

6.*

6.0.0Beta1
6.0.0beta1
6.0.0beta2
6.0.0beta3
6.0.0beta4
6.0.0beta5
6.0.0beta6
6.0.0beta7
6.0.0beta8
6.0.0beta9
6.0.0beta10
6.0.0beta11
6.0.0beta12
6.0.0beta14
6.0.0beta15
6.0.0beta16
6.0.0beta17
6.0.0rc0
6.0.0rc1
6.0.0rc2
6.0.0rc3
6.0.0rc4