Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read (CVE-2024-36117)
Source: pentest-tools.com, indexed 2025-03-26
Download link:
https://pentest-tools.com/vulnerabilities-exploits/undefined
Resource description:
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security Lab and is also tracked as GHSL-2024-074.
Provider:
pentest-tools.com



