High severityNVD Advisory· Published Aug 30, 2019· Updated Aug 5, 2024
CVE-2019-15630
CVE-2019-15630
Description
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.mule.runtime:muleMaven | >= 3.0.0, <= 4.1.5 | — |
Affected products
3- Salesforce, Inc./Mulesoftv5Range: 3.x and 4.x released before August 1 2019
- Salesforce, Inc./Mulesoft API Gatewayv5Range: All versions
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-mwh9-gr45-xvv4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-15630ghsaADVISORY
- help.mulesoft.com/s/article/Directory-traversal-vulnerability-affecting-runtimes-of-MuleSoft-customers-running-certain-use-cases-of-Mule-flows-and-API-GatewaysghsaWEB
- help.salesforce.com/apex/HTViewSolutionmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.