CVE-2018-13864

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in maven/com.typesafe.play/play_2.12

Identifiers

GHSA-v4mq-p756-p4f5, CVE-2018-13864

Package Slug

maven/com.typesafe.play/play_2.12

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests.

Affected Versions

All versions from 2.6.12 up to, but not including, 2.6.16

Solution

Upgrade to version 2.6.16 or above.

Last Modified

2022-11-23
