CVE-2020-13953

In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:17

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb@%3Cusers.tapestry.apache.org%3E', 'name': '[tapestry-users] 20210427 CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E -

Information

Published : 2020-09-30 18:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-13953

Mitre link : CVE-2020-13953

CVE.ORG link : CVE-2020-13953


JSON object : View

Products Affected

apache

  • tapestry
CWE
CWE-552

Files or Directories Accessible to External Parties