CVE-2007-0184: Incorrect Authorization in Getahead Direct Web Remoting

May 1, 2022 (updated July 6, 2022)

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

References

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
exchange.xforce.ibmcloud.com/vulnerabilities/31377
github.com/advisories/GHSA-384c-gg34-g96h
nvd.nist.gov/vuln/detail/CVE-2007-0184

Detect and mitigate CVE-2007-0184 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →