Path Traversal
Discription

gravitee-gateway-core is vulnerable to path traversal. The vulnerability exists due to the lack of dynamic routing checks in the `selectUserDefinedEndpoint` function of `TargetEndpointResolver.java`, allowing an attacker to read arbitrary files outside the expected directory via a `/management/users/register` request.Read More

Back to Main

Subscribe for the latest news: