Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jetty Improper Link Resolution Before File Access (Link Following) Vulnerability - CVE-2021-28163 - Vulnerability Database
Jetty

Jetty Improper Link Resolution Before File Access (Link Following) Vulnerability - CVE-2021-28163

Low
Reference: CVE-2021-28163
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-28163
Title: Jetty Improper Link Resolution Before File Access (Link Following) Vulnerability
Overview:

In Eclipse Jetty 9.4.32 to 9.4.38 10.0.0.beta2 to 10.0.1 and 11.0.0.beta2 to 11.0.1 if a user uses a webapps directory that is a symlink the contents of the webapps directory is deployed as a static webapp inadvertently serving the webapps themselves and anything else that might be in that directory.