CVE-2019-10242

In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.
Source: NIST
CVE-2019-10242

Leave a Reply

Your email address will not be published.