Description
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
Remediation
References
https://bugs.eclipse.org/580502
Related Vulnerabilities
CVE-2022-3782 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2018-1999020 Vulnerability in maven package org.onosproject:onos-core-common
CVE-2017-16201 Vulnerability in npm package zjjserver
CVE-2019-5484 Vulnerability in npm package bower
CVE-2021-29425 Vulnerability in maven package commons-io:commons-io