26 matches found
CVE-2022-38723
Gravitee API Management before 3.15.13 allows path traversal through HTML injection...
EUVD-2023-0563
Malicious code in bioql PyPI...
EUVD-2022-6644
Malicious code in bioql PyPI...
CVE-2019-25075
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...
Directory Traversal
Gravitee API Management is vulnerable to path traversal. The vulnerability exists in the Email service due to an HTML injection, which allows an attacker to read arbitrary files via a /management/users/register request...
GHSA-VP62-M958-QJ8C Gravitee API Management contains Path Traversal
This CVE addresses the partial fix for CVE-2019-25075 Gravitee API Management before 3.15.13 allows path traversal through HTML injection. A certain HTML injection combined with path traversal in the Email service in Gravitee API Management before 3.15.13 allows anonymous users to read arbitrary...
Gravitee API Management contains Path Traversal
This CVE addresses the partial fix for CVE-2019-25075 Gravitee API Management before 3.15.13 allows path traversal through HTML injection. A certain HTML injection combined with path traversal in the Email service in Gravitee API Management before 3.15.13 allows anonymous users to read arbitrary...
CVE-2022-38723
Gravitee API Management before 3.15.13 allows path traversal through HTML injection...
CVE-2022-38723
Gravitee API Management before 3.15.13 allows path traversal through HTML injection...
Path traversal
Gravitee API Management before 3.15.13 allows path traversal through HTML injection...
CVE-2022-38723
Gravitee API Management before 3.15.13 allows path traversal through HTML injection...
PT-2023-13640 · Unknown · Gravitee Api Management
Name of the Vulnerable Software and Affected Versions: Gravitee API Management versions prior to 3.15.13. Description: The issue allows path traversal through HTML injection, potentially enabling anonymous users to read arbitrary files. This is achieved by combining HTML injection with path...
CVE-2022-38723
CVE-2022-38723 affects Gravitee API Management prior to version 3.15.13, where an HTML-injection flaw enables path traversal. Multiple connected sources confirm the vulnerability exists in Gravitee API Management before 3.15.13 and describe the underlying issue as HTML injection that allows path ...
Gravitee API Management Path Traversal Vulnerability
Gravitee API Management is an open source API management tool by Gravitee. A path traversal vulnerability exists in Gravitee API Management versions prior to 3.15.13; it allows an attacker to perform path traversal via HTML injection...
CVE-2022-38723
Gravitee API Management before 3.15.13 allows path traversal through HTML injection...
GHSA-XC4W-28G8-VQM5 Path Traversal in Gravitee API Management
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...
Path Traversal in Gravitee API Management
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...
Path Traversal
gravitee-gateway-core is vulnerable to path traversal. The vulnerability exists due to the lack of dynamic routing checks in the selectUserDefinedEndpoint function of TargetEndpointResolver.java, allowing an attacker to read arbitrary files outside the expected directory via a...
CVE-2019-25075
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...
CVE-2019-25075
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...