In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.

Affected Packages

Maven org.glassfish.main.web:web

Affected versions: 5.1.0 (fixed in 7.0.0)

Related CVEs

CVE-2022-2712

Key Information

GHSA ID

GHSA-3g5w-6pw7-6hrp

Published

January 27, 2023 12:30 PM

Last Modified

January 28, 2023 1:19 AM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.glassfish.main.web:web

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.