Description
Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.
Remediation
References
https://blog.payara.fish/august-community-5-release
https://www.payara.fish/downloads/
Related Vulnerabilities
CVE-2019-10336 Vulnerability in maven package org.jenkins-ci.plugins:electricflow
CVE-2018-1273 Vulnerability in maven package org.springframework.data:spring-data-commons
CVE-2020-2273 Vulnerability in maven package org.jenkins-ci.plugins:elastestv
CVE-2023-49733 Vulnerability in maven package org.apache.cocoon:cocoon-core