2019-09-16 16:36:14
apache
PUBLISHED
Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesnt filter the character ``, so attacker can perform a path traversal attack to read any files on Windows platform.