Maven/Org.mule.runtime/Mule | GitLab Advisory Database

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.

Deserialization of Untrusted Data

The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections

Advisories for Maven/Org.mule.runtime/Mule package