CVE-2024-1459: Undertow Path Traversal vulnerability
(updated )
A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.
References
- access.redhat.com/errata/RHSA-2024:1674
- access.redhat.com/errata/RHSA-2024:1675
- access.redhat.com/errata/RHSA-2024:1676
- access.redhat.com/errata/RHSA-2024:1677
- access.redhat.com/errata/RHSA-2024:2763
- access.redhat.com/errata/RHSA-2024:2764
- access.redhat.com/security/cve/CVE-2024-1459
- bugzilla.redhat.com/show_bug.cgi?id=2259475
- github.com/advisories/GHSA-v76w-3ph8-vm66
- github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c
- github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a
- github.com/undertow-io/undertow/pull/1556
- issues.redhat.com/browse/UNDERTOW-2339
- nvd.nist.gov/vuln/detail/CVE-2024-1459
Detect and mitigate CVE-2024-1459 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →