Description
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during the servlet call, potentially allowing path traversal in GET requests for a limited number of file types.
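The kind of check the description says was missing can be sketched as follows. This is an added example, not Eclipse Kura's code or its fix; the class and method names, the skin directory and the extension allowlist are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

public class SkinPathCheck {
    // Assumed allowlist: the advisory only says "a limited number of file types".
    private static final Set<String> ALLOWED_EXT = Set.of("css", "js", "png");

    /** Returns the file to serve, or empty if the request must be refused. */
    static Optional<Path> resolve(Path skinDir, String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            return Optional.empty();
        }
        Path base = skinDir.toRealPath();
        Path candidate;
        try {
            // Strip leading separators so the request is always relative to base.
            candidate = base.resolve(requested.replaceFirst("^[/\\\\]+", "")).normalize();
        } catch (InvalidPathException e) {
            return Optional.empty();
        }
        // Lexical containment: "../" segments are collapsed by normalize().
        if (!candidate.startsWith(base) || !Files.isRegularFile(candidate)) {
            return Optional.empty();
        }
        // Symlink containment: the resolved location must also stay under base.
        Path real = candidate.toRealPath();
        String name = real.getFileName().toString();
        int dot = name.lastIndexOf('.');
        String ext = dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
        return real.startsWith(base) && ALLOWED_EXT.contains(ext)
                ? Optional.of(real) : Optional.empty();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temporary skin directory holding one stylesheet.
        Path skinDir = Files.createTempDirectory("skin");
        Files.writeString(skinDir.resolve("skin.css"), "body{}");
        for (String req : List.of("/skin.css", "/../outside/skin.css", "/skin.properties")) {
            String verdict = resolve(skinDir, req).isPresent() ? "serve" : "refuse";
            System.out.println(req + " -> " + verdict);
        }
    }
}
```

The file-type check is applied to the resolved file name rather than the raw request string, so it cannot be satisfied by a suffix that disappears during normalization.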
Remediation
References
http://www.securityfocus.com/bid/107844
https://bugs.eclipse.org/bugs/show_bug.cgi?id=545835
Related Vulnerabilities
CVE-2021-23377 Vulnerability in npm package onion-oled-js
CVE-2020-8127 Vulnerability in maven package org.webjars:reveal.js
CVE-2017-1000048 Vulnerability in maven package org.webjars.bower:qs
CVE-2018-15756 Vulnerability in maven package org.springframework:spring-web
CVE-2017-16036 Vulnerability in npm package badjs-sourcemap-server