CVE-2022-2712: Relative Path Traversal

January 27, 2023 (updated January 28, 2023)

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with ‘./’. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.

References

bugs.eclipse.org/580502
github.com/advisories/GHSA-3g5w-6pw7-6hrp
github.com/eclipse-ee4j/glassfish/pull/24077
nvd.nist.gov/vuln/detail/CVE-2022-2712

Detect and mitigate CVE-2022-2712 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →