CVE-2020-13953
published 2020-09-30CVE-2020-13953: In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tapestry | >= 5.4.0 < 5.6.4 | 5.6.4 |
| apache | tapestry | >= 5.7.0 < 5.7.2 | 5.7.2 |
| apache_software_foundation | apache_tapestry | >= Apache Tapestry < Apache Tapestry 5.6.4 | Apache Tapestry 5.6.4 |
| apache_software_foundation | apache_tapestry | >= Apache Tapestry < Apache Tapestry 5.7.2 | Apache Tapestry 5.7.2 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa5.3MEDIUM
osv5.3MEDIUM