Description
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_confirm
https://securitylab.github.com/advisories/GHSL-2021-1009-Alpine/
Third Party Advisory x_refsource_misc
https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/BlacklistUrlFilter.java#L107-L121
Third Party Advisory x_refsource_misc
https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/WhitelistUrlFilter.java#L115-L127
Scores
CVSS v3
7.5
EPSS
0.0084
EPSS Percentile
53.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-863
Status
published
Products (2)
alpine_project/alpine
< 1.10.4
us.springett/alpine
0 - 1.10.4Maven
Published
Dec 28, 2022
Tracked Since
Feb 18, 2026