35 matches found
CVE-2024-36117 Path traversal while serving Reposilite javadoc expanded files
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version...
CVE-2024-36116 Path traversal in Reposilite javadoc file expansion
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the...
EUVD-2024-2579
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the...
CVE-2024-36116
The CVE-2024-36116 issue in Reposilite arises from path traversal in the Javadoc archive expansion logic. The archive’s file.name can contain traversal sequences (for example ../../../anything.txt), allowing an extracted path to escape the intended unpack directory. An attacker could craft a mali...
CVE-2024-36115 Stored Cross site scripting in Reposilite artifacts
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The problem lies i...
CVE-2024-36115
CVE-2024-36115 affects Reposilite (v3.5.10 and prior) where artifact content served in the browser can execute JavaScript within the same origin, enabling stored XSS that can access token-secret from localStorage. This can lead to full compromise of the Reposilite instance and, in worst cases, re...
PT-2024-26903 · Unknown · Reposilite
Name of the Vulnerable Software and Affected Versions: Reposilite versions 3.5.10 through 3.5.11
Description: The issue is related to an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. This occurs because the GET /javadoc/repository//raw/ route uses the...
Reposilite Security Vulnerabilities
Reposilite is a lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem by the individual developer dzikoysk. A security vulnerability exists in Reposilite versions prior to 3.5.12, which stems from the presence of path traversal that allows an attacker to...
Reposilite Security Vulnerabilities
Reposilite is a lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem by the individual developer dzikoysk. A security vulnerability exists in Reposilite versions prior to 3.5.12 that stems from vulnerability to stored cross-site scripting attacks...
Reposilite Security Vulnerabilities
Reposilite is a lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem by the individual developer dzikoysk. A security vulnerability exists in Reposilite versions prior to 3.5.12 that stems from being affected by arbitrary file reads via path traversal...
PT-2024-26902 · Unknown · Reposilite
Name of the Vulnerable Software and Affected Versions: Reposilite versions prior to 3.5.12
Description: The issue lies in the fact that the artifact's content is served via the same origin as the Admin UI. If the artifact contains HTML content with JavaScript inside, the JavaScript is executed...