CVE-2019-15630

HIGH7.5EPSS 0.77%

Mule modules contain Directory Traversal

發布日:2022/5/24修改日:2024/2/16

描述

Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway (all versions) released before August 1, 2019 allow remote attackers to read files accessible to the Mule process.

受影響套件(1)

Maven/org.mule.runtime:mule>= 3.0.0, <= 4.1.5

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-15630
PATCHhttps://github.com/mulesoft/mule
WEBhttps://help.mulesoft.com/s/article/Directory-traversal-vulnerability-affecting-runtimes-of-MuleSoft-customers-running-certain-use-cases-of-Mule-flows-and-API-Gateways