VYPR
High severityNVD Advisory· Published Sep 16, 2019· Updated Aug 4, 2024

CVE-2019-0207

CVE-2019-0207

Description

Tapestry processes assets /assets/ctx using classes chain StaticFilesFilter -> AssetDispatcher -> ContextResource, which doesn't filter the character \, so attacker can perform a path traversal attack to read any files on Windows platform.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tapestry:tapestry-coreMaven
>= 5.4.0, < 5.4.55.4.5

Affected products

2

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.