CVE-2022-38723: Relative Path Traversal

January 3, 2023 (updated January 23, 2023)

Gravitee API Management before 3.15.13 allows path traversal through HTML injection.

References

community.gravitee.io/t/whats-new-in-access-management-3-15-lts/164
gist.github.com/garatc/d86cdb1fa2e35a7ee719d9a0de0b5ca3
github.com/advisories/GHSA-vp62-m958-qj8c
github.com/advisories/GHSA-xc4w-28g8-vqm5
nvd.nist.gov/vuln/detail/CVE-2022-38723

Detect and mitigate CVE-2022-38723 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →