CVE-2022-2712

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
References
Link Resource
https://bugs.eclipse.org/580502 Permissions Required Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:eclipse:glassfish:*:*:*:*:*:*:*:*

Information

Published : 2023-01-27 10:15

Updated : 2023-02-06 07:38


NVD link : CVE-2022-2712

Mitre link : CVE-2022-2712

Products Affected
No products.
CWE