GHSA-q35w-85pq-rv3x

Source

https://github.com/advisories/GHSA-q35w-85pq-rv3x

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-q35w-85pq-rv3x/GHSA-q35w-85pq-rv3x.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-q35w-85pq-rv3x

Aliases

CVE-2022-45129

Published

2022-11-10T12:01:03Z

Modified

2025-09-04T19:42:29.124154Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF

Details

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0.

Database specific

{
    "github_reviewed": true,
    "severity": "HIGH",
    "nvd_published_at": "2022-11-10T06:15:00Z",
    "cwe_ids": [
        "CWE-552"
    ],
    "github_reviewed_at": "2025-09-04T18:23:53Z"
}

References

Affected packages

Maven / fish.payara.distributions:payara

Package

Name: fish.payara.distributions:payara; View open source insights on deps.dev
Purl: pkg:maven/fish.payara.distributions/payara

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.2021.1.Alpha1

Fixed

6.2022.2

Affected versions

6.*

6.2021.1.Alpha1

6.2022.1.Alpha2

6.2022.1.Alpha3

6.2022.1.Alpha4

6.2022.1

Maven / fish.payara.distributions:payara

Package

Name: fish.payara.distributions:payara; View open source insights on deps.dev
Purl: pkg:maven/fish.payara.distributions/payara

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.0.Alpha1

Fixed

5.2022.5

Affected versions

5.*

5.0.0.Alpha1

5.0.0.Alpha2

5.0.0.Alpha3

5.181

5.182

5.183

5.184

5.191

5.192

5.193

5.193.1

5.194

5.201

5.2020.2

5.2020.3

5.2020.4

5.2020.5

5.2020.6

5.2020.7

5.2021.1

5.2021.2

5.2021.3

5.2021.4

5.2021.5

5.2021.6

5.2021.7

5.2021.8

5.2021.9

5.2021.10

5.2022.1

5.2022.2

5.2022.3

5.2022.4

Database specific

{
    "last_known_affected_version_range": "< 5.2022.2"
}

Maven / fish.payara.distributions:payara

Package

Name: fish.payara.distributions:payara; View open source insights on deps.dev
Purl: pkg:maven/fish.payara.distributions/payara

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.1.2.181

Affected versions

4.*

4.1.1.161

4.1.1.161.1

4.1.1.162

4.1.1.163

4.1.1.164

4.1.1.171

4.1.1.171.0.1

4.1.1.171.1

4.1.2.172

4.1.2.173

4.1.2.174

4.1.2.181