Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-32769
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in micronaut-core
Source: NVD (National Vulnerability Database)
Vulnerability Description
Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs because Micronaut does not restrict file access to configured paths. The vulnerability is patched in version 2.5.9. As a workaround, do not use `**` in mapping, use only `*`, which exposes only flat structure of a directory not allowing traversal. If using Linux, another workaround is to run micronaut in chroot.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Object Computing micronaut 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Object Computing micronaut是美国Object Computing公司的一款基于JVM的全栈框架,它主要用于构建模块化微服务和无服务器应用程序。 Micronaut 2.5.9 之前的版本存在路径遍历漏洞,该漏洞源于Micronaut 不限制对配置路径的文件访问。攻击者通过基本配置,可以使用 URL 中的“/../../”从文件系统访问任何文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
micronaut-projectsmicronaut-core < 2.5.9 -
II. Public POCs for CVE-2021-32769
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-32769
Please Login to view more intelligence information
New Vulnerabilities
Product: micronaut-core
Vendor: micronaut-projects
Same weakness: CWE-22
V. Comments for CVE-2021-32769

No comments yet

Leave a comment