CVE-2019-0225 – org.apache.jspwiki:jspwiki-war

Package

Manager: maven
Name: org.apache.jspwiki:jspwiki-war
Vulnerable Version: >=2.9.0 <2.11.0.m3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.03593 pctl0.87297

Details

Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.

Metadata

Created: 2019-04-08T16:23:36Z
Modified: 2022-09-17T00:13:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-pffw-p2q5-w6vh/GHSA-pffw-p2q5-w6vh.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-pffw-p2q5-w6vh
Finding: F063
Auto approve: 1