CVE-2016-9879: Encoded "/" in path variables

January 6, 2017 (updated May 14, 2024)

This package does not consider URL path parameters when processing security constraints.Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.

References

pivotal.io/security/cve-2016-9879

Detect and mitigate CVE-2016-9879 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →