exploitDog

GHSA-4mq9-66fv-8x9q

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.

In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.

Ссылки

EPSS

Процентиль: 71%

0.00689

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2019-10242

CVSS3: 5.3

nvd

почти 7 лет назад

In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.

EPSS

Процентиль: 71%

0.00689

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-22