VYPR
High severityNVD Advisory· Published Aug 30, 2019· Updated Aug 5, 2024

CVE-2019-15630

CVE-2019-15630

Description

Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.mule.runtime:muleMaven
>= 3.0.0, <= 4.1.5

Affected products

3
  • ghsa-coords
    Range: >= 3.0.0, <= 4.1.5
  • Salesforce, Inc./Mulesoftv5
    Range: 3.x and 4.x released before August 1 2019
  • Salesforce, Inc./Mulesoft API Gatewayv5
    Range: All versions

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.