Apache Sling JCR ContentLoader is vulnerable to information disclosure. The application doesn’t properly check if a directory exists before importing files, allowing a malicious user access to arbitrary files.
CPE | Name | Operator | Version |
---|---|---|---|
apache sling jcr contentloader | le | 2.1.4 |