Lucene search

K
osvGoogleOSV:CVE-2021-30638
HistoryApr 27, 2021 - 7:15 p.m.

CVE-2021-30638

2021-04-2719:15:07
Google
osv.dev
7
cve-2021-30638
information exposure
apache tapestry
context asset handling
web-inf
cve-2020-13953
vulnerability
software

AI Score

6.7

Confidence

Low

EPSS

0.007

Percentile

79.7%

Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1.

AI Score

6.7

Confidence

Low

EPSS

0.007

Percentile

79.7%