Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14YzR3LTI4ZzgtdnFtNc4AAuZm
Path Traversal in Gravitee API Management
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request.
Permalink: https://github.com/advisories/GHSA-xc4w-28g8-vqm5JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14YzR3LTI4ZzgtdnFtNc4AAuZm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-xc4w-28g8-vqm5, CVE-2019-25075
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-25075
- https://github.com/gravitee-io/gravitee-api-management
- https://medium.com/@maxime.escourbiac/write-up-of-path-traversal-on-gravitee-io-8835941be69f
- https://github.com/advisories/GHSA-xc4w-28g8-vqm5
Blast Radius: 1.0
Affected Packages
maven:io.gravitee.apim:gravitee-api-management
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: < 1.25.3
Fixed in: 1.25.3
All affected versions:
All unaffected versions: 3.5.18, 3.5.19, 3.5.20, 3.5.21, 3.5.22, 3.5.23, 3.5.24, 3.5.25, 3.5.26, 3.5.27, 3.5.28, 3.5.29, 3.5.30, 3.5.31, 3.8.6, 3.8.7, 3.9.3, 3.9.4, 3.10.0, 3.10.1, 3.10.2, 3.10.3, 3.10.4, 3.10.5, 3.10.6, 3.10.7, 3.10.8, 3.10.9, 3.10.10, 3.10.11, 3.10.12, 3.10.13, 3.10.14, 3.10.15, 3.10.16, 3.10.17, 3.10.18, 3.10.19, 3.10.20, 3.10.21, 3.11.0, 3.11.1, 3.11.2, 3.11.3, 3.12.0, 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.13.0, 3.13.1, 3.13.2, 3.13.3, 3.14.0, 3.14.1, 3.15.0, 3.15.1, 3.15.3, 3.15.4, 3.15.5, 3.15.7, 3.15.8, 3.15.9, 3.15.10, 3.15.11, 3.15.12, 3.15.13, 3.15.14, 3.15.15, 3.15.16, 3.15.17, 3.15.18, 3.15.19, 3.15.20, 3.15.21, 3.15.22, 3.16.0, 3.16.1, 3.16.2, 3.16.3, 3.16.4, 3.16.5, 3.17.0, 3.17.1, 3.17.2, 3.17.3, 3.17.4, 3.17.5, 3.17.6, 3.18.0, 3.18.1, 3.18.2, 3.18.3, 3.18.4, 3.18.5, 3.18.7, 3.18.8, 3.18.9, 3.18.10, 3.18.11, 3.18.12, 3.18.13, 3.18.14, 3.18.15, 3.18.16, 3.18.17, 3.18.18, 3.18.19, 3.18.20, 3.18.21, 3.18.22, 3.18.23, 3.18.24, 3.18.25, 3.18.26, 3.18.27, 3.18.28, 3.18.29, 3.19.0, 3.19.1, 3.19.2, 3.19.3, 3.19.4, 3.19.5, 3.19.6, 3.19.7, 3.19.8, 3.19.9, 3.19.10, 3.19.11, 3.19.12, 3.19.13, 3.19.14, 3.19.15, 3.19.16, 3.19.17, 3.19.18, 3.19.19, 3.19.20, 3.19.21, 3.19.22, 3.19.23, 3.19.24, 3.19.25, 3.20.0, 3.20.1, 3.20.2, 3.20.3, 3.20.4, 3.20.5, 3.20.6, 3.20.7, 3.20.8, 3.20.9, 3.20.10, 3.20.11, 3.20.12, 3.20.13, 3.20.14, 3.20.15, 3.20.16, 3.20.17, 3.20.18, 3.20.19, 3.20.20, 3.20.21, 3.20.22, 3.20.23, 3.20.24, 3.20.25, 3.20.26, 3.20.27, 3.20.28, 3.20.29, 3.20.30, 3.20.31, 3.20.32, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.0.13, 4.0.14, 4.0.15, 4.0.16, 4.0.17, 4.0.18, 4.0.19, 4.0.20, 4.0.21, 4.0.22, 4.0.23, 4.0.24, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.15, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4