Описание
FusionAuth vulnerable to directory traversal attack
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.
Пакеты
Наименование
io.fusionauth:fusionauth-java-client
maven
Затронутые версииВерсия исправления
>= 1.37.0, < 1.41.3
1.41.3
Связанные уязвимости
CVSS3: 7.5
nvd
около 3 лет назад
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.