PT-2023-12896 · Eclipse · Eclipse Glassfish

Published 2023-01-27 · Updated 2023-02-06 · CVE-2022-2712

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Eclipse GlassFish versions 5.1.0 through 6.2.5

Description: The issue is a relative path traversal: the software does not filter request paths starting with './'. This could allow a remote unauthenticated attacker to access critical data, including configuration files and deployed application source code.

Recommendations: For Eclipse GlassFish versions 5.1.0 through 6.2.5, consider restricting access to sensitive data and configuration files until a patch is available. As a temporary workaround, filtering request paths starting with './' can help minimize the risk of exploitation.
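As an added illustration of the workaround above (this is constructed example code, not Eclipse's patch or any GlassFish source), a servlet filter that rejects request paths starting with './' and, going beyond the advisory, any '.' or '..' segment, percent-encoded forms included. It assumes the javax.servlet API shipped with GlassFish 5.x (GlassFish 6.x uses the jakarta.servlet namespace instead) and a hypothetical class name DotSegmentRejectFilter.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Constructed example, not GlassFish code; assumes the javax.servlet API of GlassFish 5.x.
@WebFilter("/*")
public class DotSegmentRejectFilter implements Filter {
    /** True if the raw request path is relative, malformed, or has a "." or ".." segment. */
    static boolean isDotTraversalPath(String rawPath) {
        if (rawPath == null || rawPath.isEmpty()) {
            return true;
        }
        String decoded;
        try {
            // Decode percent-encoding once so "%2e%2e/" is inspected as "../".
            decoded = URLDecoder.decode(rawPath, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformed) {
            return true;                   // bad escape such as "%zz": reject rather than guess
        }
        if (!decoded.startsWith("/")) {
            return true;                   // relative request target such as "./config"
        }
        // Backslash counts as a separator too, since some layers normalise it to "/".
        for (String segment : decoded.split("[/\\\\]")) {
            if (segment.equals(".") || segment.equals("..")) {
                return true;
            }
        }
        return false;
    }
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // getRequestURI() returns the path as the client sent it, before the container decodes it.
        String rawPath = ((HttpServletRequest) req).getRequestURI();
        if (isDotTraversalPath(rawPath)) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;                        // never forward the request down the chain
        }
        chain.doFilter(req, res);
    }
}
```

Deploy it inside the affected web application (or register it in web.xml instead of using the annotation) so every request is checked before static resources or servlets see it; rejected requests surface as HTTP 400 entries in the access log, which also gives a simple signal to watch for.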

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-2712
GHSA-3G5W-6PW7-6HRP

Affected Products

Eclipse Glassfish