Path Traversal Vulnerability in Tapestry Asset Processing

Path Traversal Vulnerability in Tapestry Asset Processing

CVE-2019-0207 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform.

Learn more about our Web Application Penetration Testing UK.