3 matches found
br.com.zup.beagle:beagle-micronaut-starter (>=1.1.0 <=2.1.0), com.bertramlabs.plugins:asset-pipeline-micronaut (>=3.0.7 <=4.3.0) +23 more potentially affected by CVE-2021-32769 via io.micronaut:micronaut-http-server-netty (>=1.0.1 <=2.5.8)
io.micronaut:micronaut-http-server-netty MAVEN version =1.0.1, =1.1.0, =3.0.7, =3.1.1, =0.99.0, =1.3.12, =0.1.0, =1.0.0, =3.0.1 - io.micronaut.example:micronaut-graphql-example-chat =1.4.0 - io.micronaut.example:micronaut-graphql-example-hello-world-groovy =1.4.0 -...
CVE-2021-32769
Micronaut’s CVE-2021-32769 is a path-traversal vulnerability in versions before 2.5.9. Affected component is the Micronaut file/resource loader which allows access to filesystem paths via URL patterns like /../../ when not restricted to configured paths. Exploitation details are described across ...
CVE-2021-32769 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in micronaut-core
Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs because Micronaut...