CVSS: 5.3EPSS: 7%CPEs: 20EXPL: 2CVE-2021-28164 – Jetty 9.4.37.v20210219 - Information Disclosure
https://notcve.org/view.php?id=CVE-2021-28164
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. En Eclipse Jetty versiones 9.4.37.v20210219 hasta 9.4.38.v20210224, el modo de cumplimiento predeterminado permite a unas peticiones con URI que contienen segmentos %2e o %2e%2e acceder a recursos protegidos dentro del directorio WEB-INF. Por ejemplo, una petición a /context/%2e/WEB-INF/web.xml puede recuperar el archivo web.xml. • https://www.exploit-db.com/exploits/50438 http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5 https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6% • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization •
CVSS: 4.0EPSS: 0%CPEs: 33EXPL: 1CVE-2021-28163 – jetty: Symlink directory exposes webapp directory contents
https://notcve.org/view.php?id=CVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. En Eclipse Jetty versiones 9.4.32 hasta 9.4.38, versiones 10.0.0.beta2 hasta 10.0.1 y versiones 11.0.0.beta2 hasta 11.0.1, si un usuario usa un directorio de aplicaciones web que es un enlace simbólico, el contenido del directorio de aplicaciones web se implementa como una aplicación web estática, sin darse cuenta, sirviendo las aplicaciones web en sí y cualquier otra cosa que pueda estar en ese directorio. If the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink the contents of the ${jetty.base}/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality. • https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.2EPSS: 0%CPEs: 37EXPL: 0CVE-2020-11987 – batik: SSRF due to improper input validation by the NodePickerPanel
https://notcve.org/view.php?id=CVE-2020-11987
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Apache Batik versión 1.13 es vulnerable a un ataque de tipo server-side request forgery, causada por una comprobación de entrada inapropiada por parte de NodePickerPanel. Al usar un argumento especialmente diseñado, un atacante podría explotar esta vulnerabilidad para causar que el servidor subyacente lleve a cabo peticiones GET arbitrarias • https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2%40%3Cdev.poi.apache.org%3E https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05%40%3Cdev.poi.apache.org%3E https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5 https: • CWE-20: Improper Input Validation CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219 https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba0911 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 17EXPL: 3CVE-2019-17495
https://notcve.org/view.php?id=CVE-2019-17495
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method. Una vulnerabilidad de inyección de Cascading Style Sheets (CSS) en Swagger UI versiones anteriores a la versión 3.23.11, permite a atacantes utilizar la técnica de sobrescritura de ruta relativa (RPO) para realizar una exfiltración del valor de campo de entrada basada en CSS, como la exfiltración de un valor de token CSRF. En otras palabras, este producto permite intencionalmente insertar datos JSON no confiables desde servidores remotos, pero no se sabía previamente que (style)@import dentro de los datos JSON era un método de ataque funcional. • https://github.com/ossf-cve-benchmark/CVE-2019-17495 https://github.com/SecT0uch/CVE-2019-17495-test https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11 https://github.com/tarantula-team/CSS-injection-in-Swagger-UI https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91%40%3Ccommits.airflow.apache.org%3E https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf%40%3Ccommits.airflow.apache.org%3E https://lists.apache.org/thread.html/r84b3 • CWE-352: Cross-Site Request Forgery (CSRF) •