Path Traversal In Eclipse GlassFish
Moderate severity
GitHub Reviewed
Published
Jan 27, 2023
to the GitHub Advisory Database
Updated Jan 28, 2023
Package
Affected versions
>= 5.1.0, < 7.0.0
Patched versions
7.0.0
Description
Published by the National Vulnerability Database
Jan 27, 2023
Reviewed
Jan 28, 2023
Eclipse GlassFish versions 5.1.0 to 6.2.5 contain a relative path traversal vulnerability because the server does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
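For application code that maps request paths to files, the check below normalizes the path before testing containment, so a leading './' gets no special treatment. It is an added example, not GlassFish code and not a reproduction of the GlassFish defect; the class name `DocRootResolver` and all paths are hypothetical, and it assumes the container has already percent-decoded the request path exactly once.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;
import java.util.Optional;

public class DocRootResolver {
    private final Path docRoot;

    public DocRootResolver(String docRoot) {
        // Normalize the root once so later prefix comparisons are stable.
        this.docRoot = Paths.get(docRoot).toAbsolutePath().normalize();
    }

    /** Returns the file to serve, or empty if the request path leaves the document root. */
    public Optional<Path> resolve(String requestPath) {
        // Assumption: requestPath is already percent-decoded exactly once.
        if (requestPath.indexOf('\0') >= 0) {
            return Optional.empty(); // NUL bytes are never valid in a file path
        }
        // Treat the request path as relative to the root, whatever it starts with.
        String relative = requestPath.replace('\\', '/').replaceFirst("^/+", "");
        // Collapse "." and ".." segments BEFORE the check, so "./x" and "x" are one input.
        Path candidate = docRoot.resolve(relative).normalize();
        // Path.startsWith compares whole path elements, not string prefixes,
        // so a sibling such as "/srv/app/docroot-old" does not match "/srv/app/docroot".
        return candidate.startsWith(docRoot) ? Optional.of(candidate) : Optional.empty();
    }

    public static void main(String[] args) {
        DocRootResolver r = new DocRootResolver("/srv/app/docroot"); // constructed path
        // Constructed request paths, including ones that start with "./".
        List<String> samples = List.of(
            "/index.html", "./index.html", "/css/./site.css",
            "./../config/app.conf", "/a/../../config/app.conf");
        for (String s : samples) {
            String result = r.resolve(s).map(Path::toString).orElse("REJECTED");
            System.out.printf("%-28s -> %s%n", s, result);
        }
    }
}
```

`Path.normalize()` is purely lexical and does not follow symbolic links; where the document root may contain links, compare `toRealPath()` results for files that exist.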