Created December 27, 2022 14:25
A certain HTML injection combined with path traversal in the Email service in Gravitee API Management before 3.15.13 allows anonymous users to read arbitrary files via a /management/users/register request.
A patch for this vulnerability was published in 2019, but it did not appear to have solved the issue. This year's fix, however, is effective in removing the flaw.
Vulnerable product: Gravitee API Management
Affected version: < 3.15.13
Fixed version: 3.15.13
2019 vulnerability: