Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05OTg2LXc1aDUtdnc1Oc3E_w

Directory traversal in Mort Bay Jetty

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

Permalink: https://github.com/advisories/GHSA-9986-w5h5-vw59
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05OTg2LXc1aDUtdnc1Oc3E_w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago


CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Percentage: 0.03198
EPSS Percentile: 0.91508

Identifiers: GHSA-9986-w5h5-vw59, CVE-2009-1523
References: Blast Radius: 22.2

Affected Packages

maven:org.mortbay.jetty:jetty
Dependent packages: 1,149
Dependent repositories: 15,554
Downloads:
Affected Version Ranges: >= 7.0.0.M0, < 7.0.0.M2, < 6.1.17
Fixed in: 7.0.0.M2, 6.1.17
All affected versions: 6.1.17, 6.1.18, 6.1.19, 6.1.20, 6.1.21, 6.1.22, 6.1.23, 6.1.24, 6.1.25, 6.1.26
All unaffected versions: