It was found that Spark before 2.7.2 allows a remote attacker to read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences.

References:
http://sparkjava.com/news#spark-272-released

Upstream patches:
https://github.com/perwendel/spark/commit/ce9e11517eca69e58ed4378d1e47a02bd06863cc
https://github.com/perwendel/spark/commit/030e9d00125cbd1ad759668f85488aba1019c668

Upstream issue:
https://github.com/perwendel/spark/issues/981
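
An added example, not Spark's code or its upstream patch: a static-file lookup in Java that refuses the pathname forms named above by checking containment under the static root twice, once lexically and once after symlink resolution. The class name, method name and sample directory layout are assumptions made for illustration, and the request path is assumed to have been percent-decoded exactly once before it reaches this method.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.Optional;

public class StaticPathCheck {
    // Hypothetical helper: returns the file to serve, or empty to refuse.
    // Assumes requestPath was already percent-decoded exactly once upstream.
    static Optional<Path> resolve(Path staticRoot, String requestPath) {
        try {
            Path root = staticRoot.toRealPath();
            // Treat every request as relative: unify separators, drop leading ones.
            String rel = requestPath.replace('\\', '/').replaceAll("^/+", "");
            if (rel.indexOf('\0') >= 0) {
                return Optional.empty();
            }
            // Lexical check: collapse "." and "..", then require the result under
            // root. Path.startsWith compares name elements, not string prefixes.
            Path candidate = root.resolve(rel).normalize();
            if (!candidate.startsWith(root)) {
                return Optional.empty();
            }
            // Filesystem check: follow symlinks and compare again.
            Path real = candidate.toRealPath();
            if (!real.startsWith(root) || !Files.isRegularFile(real)) {
                return Optional.empty();
            }
            return Optional.of(real);
        } catch (IOException | InvalidPathException e) {
            return Optional.empty(); // missing file or unparsable name: refuse
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: <tmp>/public/index.html and <tmp>/secret.txt
        Path base = Files.createTempDirectory("static-demo");
        Path root = Files.createDirectory(base.resolve("public"));
        Files.write(root.resolve("index.html"), "ok".getBytes());
        Files.write(base.resolve("secret.txt"), "no".getBytes());
        String[] requests = {
            "/index.html", "/../secret.txt", "/a/../../secret.txt",
            "..\\secret.txt", "file:" + base.resolve("secret.txt"),
            base.resolve("secret.txt").toString()
        };
        for (String r : requests) {
            System.out.println(r + " -> " + resolve(root, r).map(p -> "serve").orElse("refuse"));
        }
    }
}
```

Because the request is always re-rooted under the static directory before it is normalized, absolute pathnames and file: URLs become names inside that directory that do not exist, and are refused the same way as traversal sequences.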
This issue has been addressed in the following products:

  Red Hat JBoss Fuse

Via RHSA-2018:2020 https://access.redhat.com/errata/RHSA-2018:2020
This issue has been addressed in the following products:

  Red Hat Fuse Integration Services 2.0 based on Fuse 6.3 R7

Via RHSA-2018:2405 https://access.redhat.com/errata/RHSA-2018:2405