CVE-2021-28169 @ Maven-org.eclipse.jetty:jetty-server-9.4.19.v20190610 #207
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Vulnerable Package issue exists @ Maven-org.eclipse.jetty:jetty-server-9.4.19.v20190610 in branch master
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to
/concat?/%2557EB-INF/web.xmlcan retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.Namespace: cxronen
Repository: BookStore_VSCode
Repository Url: https://github.com/cxronen/BookStore_VSCode
CxAST-Project: cxronen/BookStore_VSCode
CxAST platform scan: 4ac4da5a-0ce1-4c67-8015-eaa5b7b82736
Branch: master
Application: BookStore_VSCode
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-200
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: NONE
Remediation Upgrade Recommendation: 9.4.43.v20210629
References
Advisory
Commit
Commit
Issue
Pull request
Pull request
The text was updated successfully, but these errors were encountered: