In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.
2020-09-30T18:15:21.317
2024-11-21T05:02:13.517
Modified
CVSSv3.1: 5.3 (MEDIUM)
AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | apache | tapestry | < 5.6.4 | Yes |
Application | apache | tapestry | < 5.7.2 | Yes |