GHSA-vp62-m958-qj8c
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vp62-m958-qj8c
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-vp62-m958-qj8c/GHSA-vp62-m958-qj8c.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-vp62-m958-qj8c
- Aliases
- Published
- 2023-01-04T00:30:26Z
- Modified
- 2023-11-01T04:59:44.260074Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- Gravitee API Management contains Path Traversal
- Details
-
This CVE addresses the partial fix for CVE-2019-25075
Gravitee API Management before 3.15.13 allows path traversal through HTML injection. A certain HTML injection combined with path traversal in the Email service in Gravitee API Management before 3.15.13 allows anonymous users to read arbitrary files via a /management/users/register request.
A patch was published in 2019 for this vulnerability but did not appear to have solved the issue. Version 3.15.13 did remove the flaw.
- Database specific
{ "severity": "HIGH", "github_reviewed_at": "2023-01-06T17:21:33Z", "cwe_ids": [ "CWE-22", "CWE-79" ], "github_reviewed": true, "nvd_published_at": "2023-01-03T22:15:00Z" }- References
Affected packages
Maven / io.gravitee.apim:gravitee-api-management
Package
- Name
- io.gravitee.apim:gravitee-api-management
- View open source insights on deps.dev
- Purl
- pkg:maven/io.gravitee.apim/gravitee-api-management
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.15.13
Affected versions
3.*
3.5.18
3.5.19
3.5.20
3.5.21
3.5.22
3.5.23
3.5.24
3.5.25
3.5.26
3.5.27
3.5.28
3.5.29
3.5.30
3.5.31
3.8.6
3.8.7
3.9.3
3.9.4
3.10.0
3.10.1
3.10.2
3.10.3
3.10.4
3.10.5
3.10.6
3.10.7
3.10.8
3.10.9
3.10.10
3.10.11
3.10.12
3.10.13
3.10.14
3.10.15
3.10.16
3.10.17
3.10.18
3.10.19
3.10.20
3.10.21
3.11.0
3.11.1
3.11.2
3.11.3
3.12.0
3.12.1
3.12.2
3.12.3
3.12.4
3.12.5
3.12.6
3.13.0
3.13.1
3.13.2
3.13.3
3.14.0
3.14.1
3.15.0
3.15.1
3.15.3
3.15.4
3.15.5
3.15.7
3.15.8
3.15.9
3.15.10
3.15.11
3.15.12