Site icon API Security Blog

Path Traversal

gravitee-gateway-core is vulnerable to path traversal. The vulnerability exists due to the lack of dynamic routing checks in the `selectUserDefinedEndpoint` function of `TargetEndpointResolver.java`, allowing an attacker to read arbitrary files outside the expected directory via a `/management/users/register` request.Read More

Exit mobile version