EPSS
Percentile
52.9%
payara-micro is vulnerable to path traversal. The vulnerability exists because the setClasspath function of GFLauncher.java does not properly set the ext directory, allowing an attacker to access files outside the expected directory.
setClasspath
GFLauncher.java
ext
blog.payara.fish/august-community-5-release
github.com/advisories/GHSA-h28c-453m-h9xm
github.com/payara/Payara/commit/ffbf4168a2d7e1e61cfeb19178c022bb1c0aab77
github.com/payara/Payara/pull/5707
www.payara.fish/downloads/