spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint (maven package “eu.hinsch:spring-boot-actuator-logview”.
View the template here CVE-2021-21234.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-21234