CVE-2019-0207: Apache Tapestry 5.4.2 Path Traversal vulnerability Severity: important Vendor: The Apache Software Foundation Versions affected: all Apache Tapestry versions between 5.4.0, including its betas, and 5.4.4
Description: Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform. Mitigation: Upgrade to Tapestry 5.4.5, which is a drop-in replacement for any 5.4.x version. Credit: Ricter Zheng -- Thiago
