tapestry-core is vulnerable to information disclosure. Mishandling of URL allows an attacker to use malicious URL to list and download the JAVA webapp files from WEB-INF of the WAR being run. This CVE exists due to an incomplete fix for CVE-2020-13953.
CPE | Name | Operator | Version |
---|---|---|---|
tapestry-core | le | 5.7.1 | |
tapestry-core | le | 5.6.3 | |
tapestry-core | le | 5.7.1 | |
tapestry-core | le | 5.6.3 |