Moderate severityNVD Advisory· Published Sep 30, 2020· Updated Aug 4, 2024
CVE-2020-13953
CVE-2020-13953
Description
In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tapestry:tapestry-coreMaven | >= 5.4.0, < 5.6.0 | 5.6.0 |
Affected products
2- Apache/Tapestrydescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-w9mp-p2wp-2xf7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-13953ghsaADVISORY
- lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb@%3Cusers.tapestry.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3Eghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.