Because Java's URL class does not normalize paths, and because the code never checks for .. segments, a request containing ../../ in its path will cause the backend to receive a URL that escapes the ...
This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
一些您可能无法访问的结果已被隐去。
显示无法访问的结果