Tapestry processes assets under `/assets/ctx` using the class chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which does not filter the character `\`, so an attacker can perform a path traversal attack to read any file on the Windows platform.

Published at: 2019-09-16
Modified: 2020-05-31

https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E

MLIST:[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html

https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E

MLIST:[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/

https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d@%3Cusers.tapestry.apache.org%3E

MLIST:[tapestry-users] 20190913 CVE-2019-0207: Apache Tapestry vulnerability disclosure

https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E

MLIST:[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure

Vulnerability RAW

{
	"Title": {
		"_text": "CVE-2019-0207"
	},
	"Notes": {
		"Note": [
			{
				"_text": "Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\\`, so attacker can perform a path traversal attack to read any files on Windows platform."
			},
			{
				"_text": "2019-09-16"
			},
			{
				"_text": "2020-05-31"
			}
		]
	},
	"CVE": {
		"_text": "CVE-2019-0207"
	},
	"References": {
		"Reference": [
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d@%3Cusers.tapestry.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[tapestry-users] 20190913 CVE-2019-0207: Apache Tapestry vulnerability disclosure"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure"
				}
			}
		]
	}
}