CVE-2019-10242

EPSS 2.0%CWE-22

In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.

Affected products

The Eclipse Foundation · Eclipse Kura

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=545835 http://www.securityfocus.com/bid/107844