Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '...' (triple dot) sequences that can resolve to a location that is outside of that directory.
CVE vulnerabilities with CWE-32 (2)
7.5
CVSS
HIGH
CVE-2024-41784
pub. 2024-11-15
7.5
CVSS
HIGH
CVE-2024-6049
pub. 2024-10-24