GHSA-3g5w-6pw7-6hrp: Path Traversal In Eclipse GlassFish
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because it does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
- CVE-2022-2712
Moderate severity GitHub Reviewed Published Jan 27, 2023 to the GitHub Advisory Database • Updated Jan 28, 2023
Package
org.glassfish.main.web:web (Maven)
Affected versions
>= 5.1.0, < 7.0.0
Last updated
Jan 28, 2023
Published to the GitHub Advisory Database
Jan 27, 2023
Published by the National Vulnerability Database
Jan 27, 2023
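For triage on hosts running an affected version, the sketch below flags access-log entries whose request path starts with './' (the form named in the description) or carries dot-segments after percent-decoding. It is an added example, not code from the advisory or from the GlassFish project; the log layout (a quoted `METHOD target HTTP/x.y` request line with the raw target logged), the sample entries and the function names are assumptions.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Request line inside an access-log entry: "METHOD target HTTP/x.y" (assumed layout)
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jan/2023:10:00:01 +0000] "GET /app/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [27/Jan/2023:10:00:02 +0000] "GET ./app/page.html HTTP/1.1" 200 2048',
    '198.51.100.7 - - [27/Jan/2023:10:00:03 +0000] "GET /app/%2e%2e/other.txt HTTP/1.1" 404 0',
    '192.0.2.10 - - [27/Jan/2023:10:00:04 +0000] "GET /app/v1.2/file.tar.gz?x=./y HTTP/1.1" 200 99',
]

def classify_target(target: str) -> Optional[str]:
    """Return why a request target looks like relative traversal, or None."""
    path = target.split("?", 1)[0]      # the query string is not part of the path
    for _ in range(3):                  # bounded decoding of nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    if path.startswith("./"):           # the form named in the advisory
        return "leading ./"
    segments = path.split("/")
    if ".." in segments:
        return "dot-dot segment"
    if "." in segments:
        return "dot segment"
    return None

def scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line number, reason, raw target) for each suspicious entry."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        reason = classify_target(match.group("target"))
        if reason:
            hits.append((number, reason, match.group("target")))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Dots inside file names and in the query string are not flagged, which keeps ordinary versioned paths out of the results.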