Description
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366
Related Vulnerabilities
CVE-2022-40955 Vulnerability in maven package org.apache.inlong:sort-connector-jdbc
CVE-2019-8331 Vulnerability in maven package org.webjars.npm:bootstrap
CVE-2012-3536 Vulnerability in maven package org.apache.james.hupa:hupa-server
CVE-2019-1003044 Vulnerability in maven package org.jenkins-ci.plugins:slack
CVE-2023-23936 Vulnerability in maven package org.webjars.npm:undici