Main Vulnerability Database SB2020051906

SB2020051906 - Path traversal in Jooby web framework for Java and Kotlin

Published: May 19, 2020

Security Bulletin ID SB2020051906

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: CVE-2020-7647)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to insufficient sanitization of user-supplied passed via . A remote attacker can send a specially crafted HTTP request containing directory traversal sequences and read contents of arbitrary files on the system.

Remediation

Install update from vendor's website.

References

https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009
https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807
https://github.com/jooby-project/jooby/security/advisories/GHSA-px9h-x66r-8mpc