GHSA-vp62-m958-qj8c: Gravitee API Management contains Path Traversal
This CVE addresses the partial fix for CVE-2019-25075.
Gravitee API Management before 3.15.13 allows path traversal through HTML injection. A certain HTML injection combined with path traversal in the Email service in Gravitee API Management before 3.15.13 allows anonymous users to read arbitrary files via a /management/users/register request.
A patch for this vulnerability was published in 2019, but it does not appear to have resolved the issue. Version 3.15.13 removes the flaw.
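Where an instance cannot be moved to 3.15.13 straight away, a reverse proxy or gateway hook in front of it can screen requests to the endpoint named above for the two input classes the advisory combines. This is an added example, not code from Gravitee or from the advisory; the patterns, function names and sample field names are assumptions, and it is a stopgap that does not replace the upgrade.

```python
import json
import re
from urllib.parse import unquote

REGISTER_PATH = "/management/users/register"  # endpoint named in the advisory
# Heuristic patterns chosen for this example (assumptions, not Gravitee's rules).
MARKUP = re.compile(r"<[/!]?[a-zA-Z]")
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def _decode(value):
    """Percent-decode three times so double-encoded input is inspected too."""
    for _ in range(3):
        value = unquote(value)
    return value

def _strings(node, path=""):
    """Yield (json_path, string) for every string value in a parsed body."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from _strings(child, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from _strings(child, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def screen_registration(method, path, body):
    """Return reasons to reject a request; an empty list means it passes."""
    target = path.split("?", 1)[0].rstrip("/")
    if method.upper() != "POST" or not target.endswith(REGISTER_PATH):
        return []  # not a registration request, nothing to screen
    try:
        payload = json.loads(body)
    except ValueError:  # covers malformed JSON and undecodable bytes
        return ["body: not valid JSON"]
    findings = []
    for where, raw in _strings(payload):
        value = _decode(raw)
        if MARKUP.search(value):
            findings.append(f"{where}: HTML markup")
        if TRAVERSAL.search(value):
            findings.append(f"{where}: path traversal sequence")
    return findings

# Constructed sample bodies; the field names are hypothetical.
CLEAN = b'{"firstname": "Ann", "lastname": "Lee", "email": "ann@example.com"}'
MARKED_UP = b'{"firstname": "<b>Ann</b>", "lastname": "..%252f..%252fnotes"}'
```

A non-empty result from `screen_registration` is both a reason to reject the request and a log line worth alerting on, since the endpoint is reachable by anonymous users.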
Moderate severity GitHub Reviewed Published Jan 4, 2023 • Updated Jan 6, 2023
Related news
CVE-2022-38723: What's new in Access Management 3.15 (LTS)?