cve/2020/CVE-2020-13953.md

18 lines
633 B
Markdown
Raw Normal View History

2024-05-25 21:48:12 +02:00
### [CVE-2020-13953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13953)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tapestry&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen)
### Description
In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/Live-Hack-CVE/CVE-2021-30638