CVE-2026-8384
Gravedad CVSS v3.1:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
14/07/2026
Última modificación:
14/07/2026
Descripción
*** Pendiente de traducción *** In Eclipse Jetty, an HTTP URI of this form:<br />
<br />
<br />
<br />
<br />
<br />
/public;/../admin/secret.txt<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
results in an unresolved path of:<br />
<br />
<br />
<br />
<br />
<br />
/public/../admin/secret.txt<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
instead of the expected:<br />
<br />
<br />
<br />
<br />
<br />
/admin/secret.txt<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Jetty itself is not affected, as it will not serve the secret.txt file because it will not pass the alias checker (only resolved resources are served).<br />
<br />
<br />
<br />
<br />
However, web applications that rely on resolved paths being provided by Jetty may be confused when receiving an unresolved path.
Impacto
Puntuación base 3.x
5.30
Gravedad 3.x
MEDIA



