CVE-2022-37422: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

August 19, 2022 (updated August 30, 2022)

Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.

References

blog.payara.fish/august-community-5-release
github.com/advisories/GHSA-h28c-453m-h9xm
nvd.nist.gov/vuln/detail/CVE-2022-37422

Detect and mitigate CVE-2022-37422 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →