CVE-2021-44140: Incorrect Default Permissions

November 24, 2021 (updated November 29, 2021)

Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance.

References

jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-44140
lists.apache.org/thread/5qglpjdhvobppx7j550lf1sk28f6011t
nvd.nist.gov/vuln/detail/CVE-2021-44140

Code Behaviors & Features

Detect and mitigate CVE-2021-44140 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →