Maven package
io.gravitee.apim/gravitee-api-management
pkg:maven/io.gravitee.apim/gravitee-api-management
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-38723 | — | < 3.15.13 | 3.15.13 | Jan 3, 2023 | Gravitee API Management before 3.15.13 allows path traversal through HTML injection. | ||
| CVE-2019-25075 | — | < 1.25.3 | 1.25.3 | Aug 23, 2022 | HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request. |
- CVE-2022-38723Jan 3, 2023affected < 3.15.13fixed 3.15.13
Gravitee API Management before 3.15.13 allows path traversal through HTML injection.
- CVE-2019-25075Aug 23, 2022affected < 1.25.3fixed 1.25.3
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request.