Description
Eclipse GlassFish versions 5.1.0 to 6.2.5 contain a relative path traversal vulnerability because request paths starting with './' are not filtered. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
Remediation
References
https://bugs.eclipse.org/580502
Related Vulnerabilities
CVE-2014-6394 Vulnerability in maven package org.webjars.npm:send
CVE-2020-7686 Vulnerability in npm package rollup-plugin-dev-server
CVE-2020-2278 Vulnerability in maven package org.jenkins-ci.plugins:storable-configs-plugin
CVE-2017-16197 Vulnerability in npm package qinserve
CVE-2011-4367 Vulnerability in maven package org.apache.myfaces.core:myfaces-impl