Description
Eclipse GlassFish versions 5.1.0 to 6.2.5 are vulnerable to relative path traversal because request paths starting with './' are not filtered. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
Remediation
References
https://bugs.eclipse.org/580502
Related Vulnerabilities
CVE-2023-47467 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-common
CVE-2014-7816 Vulnerability in maven package io.undertow:undertow-servlet
CVE-2023-25345 Vulnerability in maven package org.webjars.npm:swig-templates
CVE-2020-7681 Vulnerability in npm package marscode
CVE-2018-1261 Vulnerability in maven package org.springframework.integration:spring-integration-zip