Description
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
Remediation
References
Related Vulnerabilities
Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-26072)
WordPress Plugin BackWPup Multiple Unspecified Vulnerabilities (3.2.1)
WordPress Plugin WP-Live Chat by 3CX Multiple Vulnerabilities (4.3.5)
XWiki Missing Authentication for Critical Function Vulnerability (CVE-2022-24820)
WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (4.4.7)