CVE-2021-30638
maven/org.apache.tapestry/tapestry-core
Information Exposure
Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953.
All versions starting from 5.4.0 before 5.6.4, all versions starting from 5.7.0 before 5.7.2
Upgrade to versions 5.6.4, 5.7.2 or above.
2021-05-07
source |