High severity 7.5 · NVD Advisory · Published Dec 12, 2018 · Updated Jun 17, 2026
CVE-2018-20094
Description
An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.xuxueli:xxl-conf-admin (Maven) | <= 1.6.0 | — |
References
- github.com/xuxueli/xxl-conf/issues/61 (nvd; Exploit, Issue Tracking, Third Party Advisory; WEB)
- github.com/advisories/GHSA-8j39-fgfp-vxh8 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-20094 (ghsa; ADVISORY)
- github.com/xuxueli/xxl-conf/blob/6726dfe7979ea6d8fb983771471cde69789de632/xxl-conf-admin/src/main/java/com/xxl/conf/admin/controller/ConfController.java (ghsa; WEB)