CVE-2021-39109: Path traversal in atlasboard
(updated )
The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.
References
- arxiv.org/abs/2506.04962
- arxiv.org/pdf/2506.04962
- bitbucket.org/atlassian/atlasboard/commits/9c03df09f09399e2601010466e8ba3a28236eb9c
- bitbucket.org/atlassian/atlasboard/pull-requests/91/buildeng-19379-apply-only-the-path
- bitbucket.org/atlassian/atlasboard/src/master
- github.com/advisories/GHSA-25pr-6pr6-68v7
- nvd.nist.gov/vuln/detail/CVE-2021-39109
Code Behaviors & Features
Detect and mitigate CVE-2021-39109 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →