xuxueli/xxl-conf

Releases22

Frequency5 months 3 weeks

Last Release 5 months ago

Stars700

A configuration center and service registry.（分布式配置中心与注册中心，XXL-CONF）

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-20094 ↗	Dec 12, 2018Wednesday, 12 December 2018, 10:29	—	5 MEDIUM
An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java.