Path Traversal
Discription
gravitee-gateway-core is vulnerable to path traversal. The vulnerability exists due to the lack of dynamic routing checks in the `selectUserDefinedEndpoint` function of `TargetEndpointResolver.java`, allowing an attacker to read arbitrary files outside the expected directory via a `/management/users/register` request.Read More
References
Back to Main