jms-core is vulnerable to directory traversal. Lack of secure handling of paths allows an attacker to traverse into the WEB-INF folder and read files.
packetstormsecurity.com/files/164365/Payara-Micro-Community-5.2021.6-Directory-Traversal.html
github.com/Net-hunter121/CVE-2021-41381/blob/main/CVE:%202021-41381-POC
github.com/payara/Payara/commit/08f04f80fb88a22298537870db5823d39e05d608
www.exploit-db.com/exploits/50371
www.payara.fish
www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-054.txt