Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Play Framework Assets控制器路径遍历漏洞
Vulnerability Description
Play Framework是一套开源的Java Web应用框架。该框架具有可扩展、资源消耗低等特点。Assets controller是其中的一个资产控制器。 Play Framework 2.6.12版本至2.6.15版本中的Assets控制器存在目录遍历漏洞,该漏洞源于当程序在Windows上运行时Assets控制器未能正确地处理路径。远程攻击者可通过发送特制的HTTP请求利用该漏洞从目标服务器上下载任意文件。
CVSS Information
N/A
Vulnerability Type
N/A