You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[UNDERTOW-2339] CVE-2024-1459 Path segment "/..;" should not be treated as "/.."
Proxies such as httpd proxy do not resolve the path segment "/..;/" to
be a double dot segment, so they would pass such request path unchanged
to target server. Undertow on the other hand resolves "/..;/" as double
dot, which can cause essentially a path traversal problem, where client
can request resources that should not be available to him per proxy
configuration.
Signed-off-by: Flavia Rainone <frainone@redhat.com>
0 commit comments