CVE-2022-2712 Information

Description

In Eclipse GlassFish versions 5.1.0 to 6.2.5 there is a vulnerability in relative path traversal because it does not filter request path starting with ‘./’. Successful exploitation could allow an remote unauthenticated attacker to access critical data such as configuration files and deployed application source code.

Reference

https://bugs.eclipse.org/580502