payara-micro is vulnerable to path traversal. The vulnerability exists because the setClasspath
function of GFLauncher.java
does not properly set the ext
directory, allowing an attacker to access files outside the expected directory.
CPE | Name | Operator | Version |
---|---|---|---|
payara micro | le | 6.2022.1.Alpha2 | |
payara micro | le | 5.2022.2 | |
payara micro | le | 6.2022.1.Alpha2 | |
payara micro | le | 5.2022.2 |