Description
In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file.
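A containment check for the class of bug described above, as an added example: this is not blynk-server's code or its actual fix. The class name, method name, `/static/` mapping and sample requests are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Optional;

// Added illustration, not blynk-server code. All names here are hypothetical.
public class StaticPathCheck {
    static final String PREFIX = "/static/";

    // Maps a request URI to a file under root, or empty if it would leave root.
    static Optional<Path> resolve(Path root, String rawUri) {
        String uri;
        try {
            // Assumption: the URI arrives still percent-encoded. Decode once so the
            // check sees the same path string the file system will be asked for.
            uri = URLDecoder.decode(rawUri, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // malformed percent-encoding
        }
        if (!uri.startsWith(PREFIX) || uri.indexOf('\0') >= 0) {
            return Optional.empty();
        }
        Path base = root.toAbsolutePath().normalize();
        // normalize() collapses "." and ".." segments before the containment test.
        Path candidate = base.resolve(uri.substring(PREFIX.length())).normalize();
        // Path.startsWith compares whole name elements, so a sibling directory
        // such as "static-root-old" does not pass as being inside "static-root".
        return candidate.startsWith(base) ? Optional.of(candidate) : Optional.empty();
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("static-root"); // constructed sample root
        String[] uris = { // constructed sample requests
            "/static/js/app.js",
            "/static/js/../js/app.js",        // stays inside root after normalization
            "/static/../../../../etc/passwd", // the pattern from the description
            "/other/index.html"               // not under the static prefix
        };
        for (String u : uris) {
            String result = resolve(root, u).map(Path::toString).orElse("REJECTED");
            System.out.printf("%-34s -> %s%n", u, result);
        }
    }
}
```

`normalize()` is purely lexical and does not follow symbolic links; where the static root may contain links, compare `toRealPath()` results for existing files instead.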
Remediation
References
https://github.com/blynkkk/blynk-server/issues/1256
https://github.com/blynkkk/blynk-server/releases/tag/v0.39.7