Identifier

CVE-2020-13953

Package Slug

maven/org.apache.tapestry/tapestry-core

Vulnerability

Files or Directories Accessible to External Parties

Description

In Apache Tapestry, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.

Affected Versions

All versions starting from 5.4.0 up to 5.5.0

Solution

Upgrade to version 5.6.0 or above.

Last Modified

2020-10-09

source