CVE-2019-15630

HIGH7.5EPSS 0.77%

Mule modules contain Directory Traversal

Published: 5/24/2022Modified: 2/16/2024

Description

Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway (all versions) released before August 1, 2019 allow remote attackers to read files accessible to the Mule process.

Affected packages (1)

Maven/org.mule.runtime:mule>= 3.0.0, <= 4.1.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-15630
PATCHhttps://github.com/mulesoft/mule
WEBhttps://help.mulesoft.com/s/article/Directory-traversal-vulnerability-affecting-runtimes-of-MuleSoft-customers-running-certain-use-cases-of-Mule-flows-and-API-Gateways