CVE-2022-2712

Relative Path Traversal in maven/org.glassfish.main.web/web

Identifiers

GHSA-3g5w-6pw7-6hrp, CVE-2022-2712

Package Slug

maven/org.glassfish.main.web/web

Vulnerability

Relative Path Traversal

Description

Eclipse GlassFish versions 5.1.0 to 6.2.5 are vulnerable to relative path traversal because they do not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.

Affected Versions

All versions starting from 5.1.0 before 7.0.0

Solution

Upgrade to version 7.0.0 or above.

Last Modified

2023-01-30
