CVE-2021-30638

Information Exposure in maven/org.apache.tapestry/tapestry-core

Identifiers

CVE-2021-30638

Package Slug

maven/org.apache.tapestry/tapestry-core

Vulnerability

Information Exposure

Description

An information exposure vulnerability in the context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF by using a specially constructed URL. This was caused by an incomplete fix for CVE-2020-13953.

Affected Versions

All versions from 5.4.0 up to but not including 5.6.4, and all versions from 5.7.0 up to but not including 5.7.2.

Solution

Upgrade to versions 5.6.4, 5.7.2 or above.

Last Modified

2021-05-07
