CVE-2018-20094

Published December 12th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java.

xuxueli/xxl-conf

A configuration center and service registry.（分布式配置中心与注册中心，XXL-CONF）

GitHub

700