CVE-2019-10242

2019-04-0916:29:01

Google

osv.dev

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

35.6%

JSON

In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.

References

www.securityfocus.com/bid/107844

bugs.eclipse.org/bugs/show_bug.cgi?id=545835