CVE-2021-24122: Information Exposure
(updated )
When serving resources from a network location using the NTFS file system, Apache Tomcat is susceptible to JSP source code disclosure in some configurations. The root cause is the unexpected behaviour of the JRE API File.getCanonicalPath()
which in turn is caused by the inconsistent behaviour of the Windows API (FindFirstFileW
) in some circumstances.
References
Detect and mitigate CVE-2021-24122 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →