GHSA-wv7g-xhvw-8hcp, CVE-2008-6505
maven/org.apache.struts/struts2-core
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
All versions starting from 2.0.0 before 2.0.12, all versions starting from 2.1.0 before 2.1.3
Upgrade to versions 2.0.12, 2.1.3 or above.
2024-02-12
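
A log check for the request pattern described above, as an added example that is not part of the advisory or of the Struts code base: it percent-decodes each request target until the text stops changing, then tests whether the part after `/struts/` resolves outside a stand-in static root. The access-log format, `MAX_ROUNDS`, the `/static-root` stand-in and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

STATIC_MARKER = "/struts/"   # URI path named in the advisory
MAX_ROUNDS = 5               # assumption: cap on nested percent-encoding layers
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(path):
    """Percent-decode until the string stops changing; return (text, layers)."""
    layers = 0
    while layers < MAX_ROUNDS:
        decoded = unquote(path)
        if decoded == path:
            break
        path, layers = decoded, layers + 1
    return path, layers

def classify(target):
    """Return (verdict, layers) for a raw request target."""
    decoded, layers = fully_decode(target.split("?", 1)[0])
    decoded = decoded.replace("\\", "/")
    idx = decoded.find(STATIC_MARKER)
    if idx < 0:
        return "ignore", layers
    suffix = decoded[idx + len(STATIC_MARKER):]
    # Resolve against a stand-in root and test containment after normalisation.
    resolved = posixpath.normpath(posixpath.join("/static-root", suffix))
    inside = resolved == "/static-root" or resolved.startswith("/static-root/")
    return ("ok" if inside else "escape"), layers

def scan(log_lines):
    """Return (target, layers) for every request that escapes the static root."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m:
            verdict, layers = classify(m.group(1))
            if verdict == "escape":
                hits.append((m.group(1), layers))
    return hits

# Constructed sample access-log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:00:00:01 +0000] "GET /struts/utils.js HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:00:00:02 +0000] "GET /struts/..%252f..%252foutside.txt HTTP/1.1" 200 1532',
    '192.0.2.12 - - [01/Jan/2024:00:00:03 +0000] "GET /struts/css/../utils.js HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jan/2024:00:00:04 +0000] "GET /index.action HTTP/1.1" 200 90',
]
```

A layer count of 2 on a hit marks the `..%252f` form named in the advisory; the third sample line contains `..` but stays inside the static root and is not reported.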