CVE-2021-28163

Improper Link Resolution Before File Access in maven/org.apache.ignite/ignite-core

Identifiers

CVE-2021-28163, GHSA-j6qj-j888-vvgq

Package Slug

maven/org.apache.ignite/ignite-core

Vulnerability

Improper Link Resolution Before File Access

Description

In Eclipse Jetty, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.

Affected Versions

All versions before 2.1.1

Solution

Upgrade to version 2.2.0 or above.

Last Modified

2021-09-20

source