Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
{ "nvd_published_at": "2014-12-01T15:59:00Z", "github_reviewed_at": "2022-07-06T21:05:00Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-22" ] }