Описание
Gravitee API Management contains Path Traversal
This CVE addresses the partial fix for CVE-2019-25075
Gravitee API Management before 3.15.13 allows path traversal through HTML injection. A certain HTML injection combined with path traversal in the Email service in Gravitee API Management before 3.15.13 allows anonymous users to read arbitrary files via a /management/users/register request.
A patch was published in 2019 for this vulnerability but did not appear to have solved the issue. Version 3.15.13 did remove the flaw.
Пакеты
Наименование
io.gravitee.apim:gravitee-api-management
maven
Затронутые версииВерсия исправления
< 3.15.13
3.15.13
Связанные уязвимости
CVSS3: 8.6
nvd
около 3 лет назад
Gravitee API Management before 3.15.13 allows path traversal through HTML injection.