Description
Gravitee API Management before 3.15.13 allows path traversal through HTML injection.
Remediation
References
https://community.gravitee.io/t/whats-new-in-access-management-3-15-lts/164
https://gist.github.com/garatc/d86cdb1fa2e35a7ee719d9a0de0b5ca3
Related Vulnerabilities
CVE-2023-25763 Vulnerability in maven package org.jenkins-ci.plugins:email-ext
CVE-2022-34191 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration
CVE-2022-34778 Vulnerability in maven package org.jenkins-ci.plugins:testng-plugin
CVE-2019-1003022 Vulnerability in maven package org.jvnet.hudson.plugins:monitoring
CVE-2017-8046 Vulnerability in maven package org.springframework.boot:spring-boot-starter-data-rest