3 matches found
CVE-2024-36116 Path traversal in Reposilite javadoc file expansion
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the...
CVE-2024-36116
The CVE-2024-36116 issue in Reposilite arises from path traversal in the Javadoc archive expansion logic. The archive’s file.name can contain traversal sequences (for example ../../../anything.txt), allowing an extracted path to escape the intended unpack directory. An attacker could craft a mali...
CVE-2024-36116 Path traversal in Reposilite javadoc file expansion
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the...