Описание
In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
Пакеты
io.projectreactor.netty:reactor-netty-http
>= 1.1.0, < 1.1.13
1.1.13
io.projectreactor.netty:reactor-netty-http
>= 1.0.0, < 1.0.39
1.0.39
Связанные уязвимости
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
Уязвимость HTTP-сервера Reactor Netty, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю раскрыть защищаемую информацию