PT-2021-19917 · Micronaut · Micronaut

Jameskleeh +1 · Published 2021-07-16 · Updated 2021-07-27 · CVE-2021-32769

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Micronaut versions prior to 2.5.9

Description

A path traversal vulnerability exists in Micronaut, allowing access to any file on the filesystem by using "/../../" in the URL. This occurs because Micronaut does not restrict file access to the configured paths. With a basic configuration, it is possible to access sensitive information.

Recommendations

For versions prior to 2.5.9, as a temporary workaround, do not use ** in the mapping; use only *, which exposes only the flat structure of a directory and does not allow traversal. On Linux, another workaround is to run Micronaut in a chroot. To fully resolve the issue, update to version 2.5.9 or later.
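
The description above comes down to a missing containment check when a request path is mapped onto a configured directory. The following is an added illustration of that check, not code from Micronaut or from this advisory; the class name, method names, root directory and request paths are all constructed for the example.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

// Added illustration; not Micronaut source. All names here are hypothetical.
public class StaticPathGuard {

    // Naive resolution: joins the request path to the root and trusts the result.
    static Path naiveResolve(Path root, String requestPath) {
        return root.resolve(stripLeadingSlashes(requestPath));
    }

    // Guarded resolution: normalize first, then require the result to stay under the root.
    // Path.startsWith compares whole path elements, so "/srv/app/public-old" does not
    // count as being inside "/srv/app/public".
    static Optional<Path> safeResolve(Path root, String requestPath) {
        Path base = root.toAbsolutePath().normalize();
        Path candidate = base.resolve(stripLeadingSlashes(requestPath)).normalize();
        return candidate.startsWith(base) ? Optional.of(candidate) : Optional.empty();
    }

    // A leading "/" would make resolve() treat the request as an absolute path.
    private static String stripLeadingSlashes(String p) {
        return p.replaceAll("^/+", "");
    }

    public static void main(String[] args) {
        Path root = Paths.get("/srv/app/public"); // constructed sample root
        String[] requests = {                      // constructed sample request paths
            "/css/site.css",
            "/../../etc/passwd",
            "/img/../css/site.css"
        };
        for (String r : requests) {
            Path naive = naiveResolve(root, r).normalize();
            Optional<Path> guarded = safeResolve(root, r);
            System.out.printf("%-24s naive=%-30s guarded=%s%n",
                    r, naive, guarded.map(Path::toString).orElse("REJECTED"));
        }
    }
}
```

normalize() works on the path string only and does not follow symbolic links; where links inside the served directory are a concern, compare with toRealPath() on files that exist.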

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-32769
GHSA-CJX7-399X-P2RJ

Affected Products

Micronaut