Lucene search
Veracode Vulnerability DatabaseVERACODE:38867HistoryJan 13, 2023 - 7:32 a.m.
Directory Traversal
2023-01-1307:32:46
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
gravitee
api management
path traversal
email service
html injection
arbitrary files
management users
register request
EPSS
0.002
Percentile
53.2%
Gravitee API Management is vulnerable to path traversal. The vulnerability exists in the Email service due to an html injection which allows an attacker to read arbitrary files via a /management/users/register request.
References
community.gravitee.io/t/whats-new-in-access-management-3-15-lts/164
gist.github.com/garatc/d86cdb1fa2e35a7ee719d9a0de0b5ca3
github.com/gravitee-io/gravitee-api-management/commit/3337f34c3b4422fd04f0b3fb6364b5c8a157521f
github.com/gravitee-io/gravitee-api-management/commit/599386bf512c58960b3050f6916aa5b03783f769
Related
osv
osv
CVE-2022-38723
2023-01-03 22:15:11
Gravitee API Management contains Path Traversal
2023-01-04 00:30:26
cvelist
cvelist
CVE-2022-38723
2023-01-03 00:00:00
nvd
nvd
CVE-2022-38723
2023-01-03 22:15:11
cve
cve
CVE-2022-38723
2023-01-03 22:15:11
prion
prion
Path traversal
2023-01-03 22:15:00
github
github
Gravitee API Management contains Path Traversal
2023-01-04 00:30:26