Description
Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.
Remediation
References
https://blog.payara.fish/august-community-5-release
https://www.payara.fish/downloads/
Related Vulnerabilities
CVE-2021-45029 Vulnerability in maven package org.apache.shenyu:shenyu-common
CVE-2023-0100 Vulnerability in maven package org.eclipse.birt:org.eclipse.birt.report.viewer
CVE-2020-14966 Vulnerability in maven package org.webjars.npm:jsrsasign
CVE-2022-23619 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web
CVE-2018-1000184 Vulnerability in maven package com.coravy.hudson.plugins.github:github