Description
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
A flaw was found in the Reactor Netty HTTP Server. If the server is configured to serve static resources, an attacker can use a specially crafted URL that may allow unauthorized access to privileged data on the server.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat build of Apache Camel for Spring Boot 3 | reactor-netty-http | Not affected | | |
| Red Hat build of Debezium 2 | reactor-netty-http | Not affected | | |
| Red Hat Fuse 7 | reactor-netty-http | Not affected | | |
| Red Hat Integration Camel K 1 | reactor-netty-http | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 7 | reactor-netty-http | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 8 | reactor-netty-http | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | reactor-netty-http | Not affected | | |
| Red Hat OpenShift Dev Spaces | reactor-netty-http | Affected | | |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack
A vulnerability in the Reactor Netty HTTP server related to improper limitation of a pathname to a restricted directory, allowing an attacker to disclose protected information
7.5 High
CVSS3