Critical severity vulnerability was found in maven org.apache.jspwiki:jspwiki-main (maven) .

Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.

References


Courtesy:https://github.com/advisories/GHSA-8gw6-w5rw-4g5c

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *