Moderate severityNVD Advisory· Published Aug 23, 2022· Updated Aug 5, 2024

CVE-2019-25075

Description

HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
io.gravitee.apim:gravitee-api-managementMaven	< 1.25.3	1.25.3

Affected products

Gravitee/API Managementdescription
ghsa-coords
pkg:maven/io.gravitee.apim/gravitee-api-management
Range: < 1.25.3

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-xc4w-28g8-vqm5ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2019-25075ghsaADVISORY
medium.com/%40maxime.escourbiac/write-up-of-path-traversal-on-gravitee-io-8835941be69fmitrex_refsource_MISC
medium.com/@maxime.escourbiac/write-up-of-path-traversal-on-gravitee-io-8835941be69fghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000