CVE-2019-25075 Information

Aug 24, 2022 cve

Description

HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request.

Reference

https://github.com/gravitee-io/gravitee-api-management https://medium.com/@maxime.escourbiac/write-up-of-path-traversal-on-gravitee-io-8835941be69f

Share on: