spring-boot-actuator-logview is vulnerable to directory traversal. The vulnerability exists through the base
folder parameter exposed in the log file directory through admin HTTP endpoints.
CPE | Name | Operator | Version |
---|---|---|---|
spring-boot-actuator-logview | le | 0.2.12 |
github.com/lukashinsch/spring-boot-actuator-logview/commit/1c76e1ec3588c9f39e1a94bf27b5ff56eb8b17d6
github.com/lukashinsch/spring-boot-actuator-logview/commit/760acbb939a8d1f7d1a7dfcd51ca848eea04e772
github.com/lukashinsch/spring-boot-actuator-logview/security/advisories/GHSA-p4q6-qxjx-8jgp
search.maven.org/artifact/eu.hinsch/spring-boot-actuator-logview