Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system.
If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script.
Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-02-06T10:04:21.294Z
Updated: 2024-08-01T23:06:25.395Z
Reserved: 2024-01-19T13:54:27.664Z
Link: CVE-2024-23673
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-02-06T10:15:08.833
Modified: 2024-11-21T08:58:08.560
Link: CVE-2024-23673
Redhat
No data.