CVE-2024-23673 – Apache Sling Servlets Resolver: Malicious code execution via path traversal

https://notcve.org/view.php?id=CVE-2024-23673

06 Feb 2024 — Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixe... • http://www.openwall.com/lists/oss-security/2024/02/06/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •