A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.

Related CVEs

CVE-2024-31851

Key Information

GHSA ID

GHSA-225x-44w7-hh2f

Published

April 5, 2024 6:30 PM

Last Modified

April 5, 2024 6:30 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 26, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.