javahongxi whatsmars Path Traversal Vulnerability in InitializrController

Vulnerability

A path traversal vulnerability has been identified in javahongxi whatsmars version 2021.4.0. The issue is in the initialize function of InitializrController (whatsmars-initializr subproject): the artifactId request parameter is used to build a filesystem path without adequate validation, so a remote attacker who supplies a crafted artifactId value can reach files outside the directory the controller is meant to serve.

Impact

Exploitation gives an attacker path traversal on the server: arbitrary files outside the intended directory can be accessed, in particular files whose names end in .tar.

Reproduction

To reproduce this vulnerability, send a request to the /project endpoint of the whatsmars-initializr subproject with a crafted artifactId parameter (for example, one containing ../ traversal sequences). Because the parameter is not validated before it is used to build a path, the traversal is honoured and files outside the intended directory become accessible. A successful test will return, or act on, a .tar file that does not live under the controller's artifact directory.
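The pattern described in the Vulnerability and Reproduction sections, shown as an added example that is not code from the whatsmars project: a stand-in for a /project handler that builds a `<artifactId>.tar` path from the request parameter, first in the vulnerable form and then hardened with an allowlist on artifactId plus a canonical-path containment check. The base directory `/srv/initializr/artifacts`, the handler name and the `InvalidArtifactId` error are assumptions made for the example; the real project's layout is not documented on this page.

```python
import os
import re
from pathlib import Path
from typing import Dict, Tuple

# Assumed artifact directory for the example; not the project's real layout.
ARTIFACT_ROOT = "/srv/initializr/artifacts"

# Maven artifactIds are simple tokens: letters, digits, '.', '_' and '-'.
# Anything else (path separators, NUL, percent-encoding) is rejected up front.
ARTIFACT_ID_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


class InvalidArtifactId(ValueError):
    """Raised by the hardened resolver when artifactId fails validation."""


def resolve_artifact_vulnerable(artifact_id: str, root: str = ARTIFACT_ROOT) -> str:
    """Vulnerable pattern: the request parameter is concatenated into a path.

    os.path.join keeps any '../' segments, so a caller controls where the
    resulting '<artifactId>.tar' path points. normpath shows the effective
    path the OS would open.
    """
    return os.path.normpath(os.path.join(root, artifact_id + ".tar"))


def resolve_artifact_safe(artifact_id: str, root: str = ARTIFACT_ROOT) -> str:
    """Hardened resolver: allowlist the value, then verify containment.

    Two independent checks are used so a future loosening of the regex
    (or an unexpected symlink under root) still cannot escape root.
    """
    if not ARTIFACT_ID_RE.fullmatch(artifact_id):
        raise InvalidArtifactId(f"rejected artifactId: {artifact_id!r}")

    root_path = Path(root).resolve()           # canonical root (symlinks resolved)
    candidate = (root_path / f"{artifact_id}.tar").resolve()
    if root_path not in candidate.parents:      # must sit directly under root
        raise InvalidArtifactId(f"path escapes artifact root: {candidate}")
    return str(candidate)


def handle_project_request(params: Dict[str, str], root: str = ARTIFACT_ROOT,
                           hardened: bool = True) -> Tuple[int, str]:
    """Minimal stand-in for a /project endpoint (assumed shape, not the project's).

    Returns (HTTP status, resolved path or error text). With hardened=False it
    behaves like the vulnerable controller; with hardened=True traversal
    attempts get a 400 instead of a file path.
    """
    artifact_id = params.get("artifactId", "")
    try:
        if hardened:
            path = resolve_artifact_safe(artifact_id, root)
        else:
            path = resolve_artifact_vulnerable(artifact_id, root)
    except InvalidArtifactId as exc:
        return 400, str(exc)
    return 200, path


if __name__ == "__main__":
    # Constructed request values: one benign, one traversal attempt.
    for value in ("demo-app", "../../../etc/backup"):
        print("vulnerable:", handle_project_request({"artifactId": value}, hardened=False))
        print("hardened:  ", handle_project_request({"artifactId": value}, hardened=True))
```

The vulnerable resolver turns `../../../etc/backup` into `/etc/backup.tar`, which is exactly the ".tar outside the intended directory" outcome the Impact section describes; the hardened resolver rejects the same value before any filesystem call. When auditing a similar controller, look for the request parameter flowing into `new File(...)`, `Paths.get(...)` or string concatenation without both an allowlist and a canonical-path check; either check alone is easy to bypass or to break in a later refactor.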

Added: Jun 16, 2025, 6:16 AM
Updated: Jun 16, 2025, 6:16 AM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          2.5
  exploitability  8.7
  remediation     0.0
  relevance       0.2
  threat          6.4
  urgency         2.9
  incentive       5.8

These eight categories are produced by the site's own scoring algorithm from dozens of underlying metrics and are combined into the overall risk score. They come from a custom model, not from CVSS, so the values should not be compared directly with CVSS base scores from other sources.