Published: 06/02/2024 Updated: 14/02/2024

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 0

Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of Apache Sling Servlets Resolver prior to 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache sling servlets resolver

oss-sec mailing list archives   By Date By Thread </form>    CVE-2024-23673: Apache Sling Servlets Resolver: Malicious code execution via path traversal  <!--X- ...

CWE-22 https://lists.apache.org/thread/5zzx8ztwc6tmbwlw80m2pbrp3913l2kl http://www.openwall.com/lists/oss-security/2024/02/06/1 https://nvd.nist.gov https://seclists.org/oss-sec/2024/q1/110

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-23673

Vulnerability Summary

Mailing Lists

References

Vulmon Search

About

Products

Connect