CVE-2018-13864: Path Traversal

July 17, 2018 (updated November 25, 2019)

A directory traversal vulnerability has been found in the Assets controller in the Play Framework. When running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests.

References

nvd.nist.gov/vuln/detail/CVE-2018-13864
www.playframework.com/security/vulnerability/CVE-2018-13864-PathTraversal

Detect and mitigate CVE-2018-13864 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →