6 matches found
CVE-2025-66905
The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and read arbitrary files from the host system...
CVE-2025-66905
The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and read arbitrary files from the host system...
PT-2025-52458
Name of the Vulnerable Software and Affected Versions: Takes versions through 2.0-SNAPSHOT. Description: The Takes web framework’s TkFiles component does not properly sanitize HTTP request paths before using them to access the filesystem. This allows a remote attacker to use "../" sequences within t...
Takes security vulnerability
Takes is an object-oriented Java web development framework by the individual developer Yegor Bugayenko. A security vulnerability exists in Takes 2.0-SNAPSHOT and earlier versions, which stems from an un-normalized HTTP request path that could lead to arbitrary file reading...
CVE-2025-66905
The CVE-2025-66905 entry concerns the Takes web framework, specifically the TkFiles component up to 2.0-SNAPSHOT, which fails to canonicalize HTTP request paths before filesystem access. This allows a remote attacker to include ../ sequences in the request path to escape the configured base direc...
EUVD-2025-204545
The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and read arbitrary files from the host system...