GHSA-3g5w-6pw7-6hrp, CVE-2022-2712
maven/org.glassfish.main.web/web
Relative Path Traversal
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
All versions starting from 5.1.0 before 7.0.0
Upgrade to version 7.0.0 or above.
2023-01-30
source |