The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
108 vulnerabilities with CWE-24
CVE-2021-26725
HIGH
Nozominetworks Central Management Control < 19.0.12 - Path Traversal
CVSS 7.2
CVE-2020-7882
HIGH
Hancom AnySign4PC - Path Traversal
CVSS 7.5
CVE-2020-8568
MEDIUM
Kubernetes Secrets Store Csi Driver < 0.0.17 - Path Traversal
CVSS 5.8
CVE-2020-8567
MEDIUM
Google Secret Manager Provider For Secret Store Csi Driver < 0.2.0 - Path Traversal
CVSS 4.9
CVE-2020-9708
MEDIUM
Adobe Git-server < 1.3.1 - Path Traversal
CVSS 5.9
CVE-2019-25087
MEDIUM
RamseyK httpserver - Path Traversal
CVSS 5.3
CVE-2018-25094
LOW
Online Accounting System <=1.4.0 - Path Traversal
CVSS 3.5
CVE-2014-125033
LOW
Rails-cv-app < 2014-11-16 - Path Traversal
CVSS 3.5
Details
Vulnerabilities
108