Apache Tapestry Information Disclosure (CVE-2021-30638)

An information disclosure vulnerability exists in Apache Tapestry. A URL manipulation via smuggled backslashes allows Java webapp files inside WEB-INF to be listed and downloaded...