CVE-2021-28163, GHSA-j6qj-j888-vvgq
maven/org.eclipse.jetty/jetty-util
Improper Link Resolution Before File Access
In Eclipse Jetty, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
All versions starting from 9.4.32 before 9.4.39, all versions starting from 10.0.0 up to 10.0.1, all versions starting from 11.0.0 up to 11.0.1
Upgrade to versions 9.4.39.v20210325, 10.0.2, 11.0.2 or above.
2021-04-10
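An added exposure check, not code from the advisory or from the Jetty project: it tests a Jetty version string against the affected ranges listed above and reports whether a given webapps directory is itself a symlink. The function names, sample versions and paths are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Affected ranges from the advisory: (first affected, bound, bound is inclusive)
AFFECTED = [
    ((9, 4, 32), (9, 4, 39), False),  # from 9.4.32, before 9.4.39
    ((10, 0, 0), (10, 0, 1), True),   # from 10.0.0 up to 10.0.1
    ((11, 0, 0), (11, 0, 1), True),   # from 11.0.0 up to 11.0.1
]

def parse_version(text):
    """Return (major, minor, patch); a trailing qualifier such as .v20210325 is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:[.-].*)?$", text.strip())
    if not m:
        raise ValueError(f"unrecognised Jetty version: {text!r}")
    return tuple(int(g) for g in m.groups())

def version_affected(text):
    v = parse_version(text)
    return any(low <= v and (v <= high if inc else v < high)
               for low, high, inc in AFFECTED)

def webapps_is_symlink(path):
    """True if the directory entry itself is a symlink (trailing separators
    are stripped first, otherwise the link would be followed)."""
    return os.path.islink(path.rstrip("/" + os.sep) or path)

def exposure(version, webapps_path):
    if not version_affected(version):
        return "not affected"
    if webapps_is_symlink(webapps_path):
        return "exposed: affected version with symlinked webapps directory"
    return "affected version, webapps directory is not a symlink: upgrade"

if __name__ == "__main__":
    # Constructed sample layout: a real directory and a symlink pointing at it.
    with tempfile.TemporaryDirectory() as base:
        real = os.path.join(base, "webapps-real")
        link = os.path.join(base, "webapps")
        os.mkdir(real)
        os.symlink(real, link)
        for ver, path in [("9.4.35.v20201120", link), ("9.4.35.v20201120", real),
                          ("10.0.2", link)]:
            print(ver, os.path.basename(path), "->", exposure(ver, path))
```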