VDB

GCVE-VVD-MAGEIA-2021-72

GCVE-VVD-MAGEIA-2021-72
Advisory Published
Vulnetix · Advisory published April 12, 2021
When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances (CVE-2021-24122).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiagvfs0 (affected), 1.46.2-1.1.mga8 (unaffected)
Mageiatomcat0 (affected), 9.0.39-1.1.mga7 (unaffected), 0 (affected), 9.0.39-1.1.mga7 (unaffected)

References

Updated tomcat packages fix a security vulnerability
advisory
Updated tomcat packages fix a security vulnerability
issue
Updated tomcat packages fix a security vulnerability
issue
Updated tomcat packages fix a security vulnerability
issue
Updated gvfs-fuse packages add fuse3 dependency
advisory
Updated gvfs-fuse packages add fuse3 dependency
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›