CVE-2020-13953

Medium

In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being…

apache·CWE-552·Published 2020-09-30

CVSS

5.3

EPSS

0.03

KEV

Exploits

cve.orgen

142 chars

In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.

NVDen

142 chars

In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.

OSV.deven

142 chars

In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.

GHSAen

142 chars

In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.

NVDes

179 chars

En Apache Tapestry versiones 5.4.0 hasta 5.5.0, al diseñar unas URL específicas, un atacante puede descargar archivos dentro de la carpeta WEB-INF de la WAR que se está ejecutando

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N