PT-2023-28054 · Payara · Payara Micro/Embedded, Payara Server
Hiroki Sawamura · Published 2023-11-15 · Updated 2023-11-23 · CVE-2023-41699
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
- Payara Server versions 5.0.0 through 5.56.0
- Payara Server versions 4.1.2.191 through 4.1.2.191.45
- Payara Server versions 6.0.0 through 6.7.0
- Payara Server versions 6.2023.1 through 6.2023.10
- Payara Micro and Embedded versions 5.0.0 through 5.56.0
- Payara Micro and Embedded versions 4.1.2.191 through 4.1.2.191.45
- Payara Micro and Embedded versions 6.0.0 through 6.7.0
- Payara Micro and Embedded versions 6.2023.1 through 6.2023.10
Description
The issue affects the Payara Platform and allows URL redirection to untrusted sites (an open redirect). This can be used to redirect access to libraries.
Recommendations
- Payara Server versions 5.0.0 through 5.56.0: update to version 5.57.0 or later.
- Payara Server versions 4.1.2.191 through 4.1.2.191.45: update to version 4.1.2.191.46 or later.
- Payara Server versions 6.0.0 through 6.7.0: update to version 6.8.0 or later.
- Payara Server versions 6.2023.1 through 6.2023.10: update to version 6.2023.11 or later.
- Payara Micro and Embedded versions 5.0.0 through 5.56.0: update to version 5.57.0 or later.
- Payara Micro and Embedded versions 4.1.2.191 through 4.1.2.191.45: update to version 4.1.2.191.46 or later.
- Payara Micro and Embedded versions 6.0.0 through 6.7.0: update to version 6.8.0 or later.
- Payara Micro and Embedded versions 6.2023.1 through 6.2023.10: update to version 6.2023.11 or later.
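To triage an installed Payara version against the ranges in this advisory, an added Python check follows (it is not part of the advisory or of Payara's own tooling). It assumes that the numeric dotted prefix of a version string is what matters and that any suffix such as "-SNAPSHOT" can be ignored; the version ranges themselves are copied from the recommendations above.

```python
"""Map a Payara Server / Micro / Embedded version to the fix version named in
PT-2023-28054 (CVE-2023-41699), or report it as outside the affected ranges."""
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# (first affected, last affected, first fixed) per branch, taken from the advisory.
# The same ranges apply to Payara Server and to Payara Micro/Embedded.
AFFECTED_RANGES = [
    ("5.0.0", "5.56.0", "5.57.0"),
    ("4.1.2.191", "4.1.2.191.45", "4.1.2.191.46"),
    ("6.0.0", "6.7.0", "6.8.0"),
    ("6.2023.1", "6.2023.10", "6.2023.11"),
]


def parse_version(text: str) -> Version:
    """Turn '4.1.2.191.45' into (4, 1, 2, 191, 45).

    Assumption: only the leading numeric components are compared; anything after
    a '-' or a non-numeric component (e.g. '-SNAPSHOT', '.Alpha1') is dropped.
    """
    core = text.strip().split("-")[0]
    parts = []
    for piece in core.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    if not parts:
        raise ValueError(f"unparseable Payara version: {text!r}")
    return tuple(parts)


def fix_version_for(text: str) -> Optional[str]:
    """Return the first fixed version if `text` is affected, otherwise None.

    Tuple comparison does the right thing for the 4.1.2.191 branch: the
    four-component lower bound (4, 1, 2, 191) sorts below (4, 1, 2, 191, 0),
    so 4.1.2.191 itself counts as affected and 4.1.2.191.46 does not.
    """
    version = parse_version(text)
    for low, high, fixed in AFFECTED_RANGES:
        if parse_version(low) <= version <= parse_version(high):
            return fixed
    return None


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Given {host: version}, return {host: required fix version} for affected hosts."""
    return {h: fix for h, v in inventory.items() if (fix := fix_version_for(v))}
```

Feed `triage` a constructed inventory such as `{"app-01": "5.56.0", "app-02": "6.8.0"}` and only `app-01` comes back, mapped to `5.57.0`.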

Fix

Weakness Enumeration: Open Redirect

Related Identifiers: CVE-2023-41699

Affected Products: Payara Micro/Embedded, Payara Server