eu.hinsch%3Aspring-boot-actuator-logview@0.2.0 vulnerabilities
-
latest version
0.2.13
-
first published
9 years ago
-
latest version published
3 years ago
-
licenses detected
- [0.1.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the eu.hinsch%3Aspring-boot-actuator-logview package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Directory Traversal due to an incomplete fix for CVE-2021-21234. This allows a privileged user to access sibling directories whose name starts with the same string as the intended directory - a limited subset of the directories vulnerable to exposure in the former vulnerability - via How to fix Directory Traversal? There is no fixed version for |
[0,)
|
Affected versions of this package are vulnerable to Directory Traversal. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that How to fix Directory Traversal? Upgrade |
[,0.2.13)
|