Gravitee API Management is vulnerable to path traversal. The vulnerability exists in the Email service, where an HTML injection allows an attacker to read arbitrary files via a /management/users/register request.
community.gravitee.io/t/whats-new-in-access-management-3-15-lts/164
gist.github.com/garatc/d86cdb1fa2e35a7ee719d9a0de0b5ca3
github.com/gravitee-io/gravitee-api-management/commit/3337f34c3b4422fd04f0b3fb6364b5c8a157521f
github.com/gravitee-io/gravitee-api-management/commit/599386bf512c58960b3050f6916aa5b03783f769