Submit #592397: javahongxi whatsmars `v2021.4.0` and `master branch` Path Traversal

Title: javahongxi whatsmars `v2021.4.0` and `master branch` Path Traversal

Description: In the subproject `whatsmars-archetypes/whatsmars-initializr` of the `whatsmars` repository, the data process endpoint `/project` lacks proper path validation. An attacker can exploit this by crafting parameters to retrieve arbitrary files ending with `.tar` on the system.

- **Project Link:** `https://github.com/javahongxi/whatsmars`
- **Affected Version:** `v2021.4.0` and `master branch`
- **Affected API:** `/project`
- **Code Path:** `/whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java:45`

Source: https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-02.md

User: ShenxiuSecurity (UID 84374)

Submission: 06/07/2025 12:11 (9 months ago)

Moderation: 06/15/2025 11:57 (8 days later)

Status: Accepted

VulDB Entry: 312578 [javahongxi whatsmars 2021.4.0 InitializrController.java initialize artifactId path traversal]

Points: 20
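One way to close this class of bug, as an added example that is not code from the whatsmars project: validate the `artifactId` request parameter against an allow-list, then confirm that the resolved `.tar` path stays inside the intended directory. The class name `ArchivePathGuard`, the base directory, and the assumption that the endpoint builds the file name as `artifactId + ".tar"` are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.regex.Pattern;

// Added example, not whatsmars code. Class, method and directory names are hypothetical.
public final class ArchivePathGuard {
    // Allow-list for a Maven-style artifactId: no path separators, no leading dot, bounded length.
    private static final Pattern ARTIFACT_ID = Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,63}");
    private final Path baseDir;

    public ArchivePathGuard(Path baseDir) throws IOException {
        // Canonicalise once so the containment checks below compare real paths.
        this.baseDir = baseDir.toRealPath();
    }

    /** Returns the .tar path for artifactId, or throws if the value could leave baseDir. */
    public Path resolveArchive(String artifactId) throws IOException {
        if (artifactId == null || !ARTIFACT_ID.matcher(artifactId).matches()) {
            throw new IllegalArgumentException("invalid artifactId");
        }
        // Defence in depth: normalise and check containment even after the allow-list passed.
        Path candidate = baseDir.resolve(artifactId + ".tar").normalize();
        if (!candidate.startsWith(baseDir)) {
            throw new IllegalArgumentException("path escapes base directory");
        }
        // An existing entry may be a symlink: resolve it and check containment again.
        if (Files.exists(candidate, LinkOption.NOFOLLOW_LINKS)) {
            Path real = candidate.toRealPath();
            if (!real.startsWith(baseDir)) {
                throw new IllegalArgumentException("symlink escapes base directory");
            }
            return real;
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        ArchivePathGuard guard = new ArchivePathGuard(Files.createTempDirectory("initializr-demo"));
        System.out.println("accepted: " + guard.resolveArchive("demo-app"));
        // Constructed inputs that must be refused.
        for (String bad : new String[] {"../../etc/backup", "/var/data/x", "a/../../b", "..", ""}) {
            try { System.out.println("ACCEPTED (bug): " + guard.resolveArchive(bad)); }
            catch (IllegalArgumentException e) { System.out.println("rejected: '" + bad + "'"); }
        }
    }
}
```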
