CVE-2019-10242

EPSS 2.0%CWE-22

In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.

Produtos afetados

The Eclipse Foundation · Eclipse Kura

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bugs.eclipse.org/bugs/show_bug.cgi?id=545835 http://www.securityfocus.com/bid/107844