Closed xxcdd closed 1 year ago
When i request GET /resources//../WEB-INF/web.xml using burp suite, i get the raw content of web.xml GET /resources//../ can get all files in Directory: /resources/
GET /resources//../WEB-INF/web.xml
GET /resources//../
This can cause security issue, hope to fix it.
This is resolved by updating Jetty to the latest version. At least I could not reproduce it after updating the embedded Jetty.
When i request
GET /resources//../WEB-INF/web.xml
using burp suite, i get the raw content of web.xmlGET /resources//../
can get all files in Directory: /resources/This can cause security issue, hope to fix it.