Description
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
References
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2.7.2 (exclusive)
cpe:2.3:a:sparkjava:spark:*:*:*:*:*:*:*:*
EPSS: 0.00372 (Low), percentile: 58%
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 5.3
redhat
almost 8 years ago
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
CVSS3: 5.3
github
more than 7 years ago
Moderate severity vulnerability that affects com.sparkjava:spark-core