Description
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.
Remediation
References
https://fusionauth.io/docs/v1/tech/release-notes
https://github.com/FusionAuth/fusionauth-issues/issues/1983
Related Vulnerabilities
CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-war
CVE-2023-31716 Vulnerability in npm package @frangoteam/fuxa
CVE-2022-37616 Vulnerability in npm package @xmldom/xmldom
CVE-2022-41247 Vulnerability in maven package org.jenkins-ci.plugins:bigpanda-jenkins
CVE-2019-10387 Vulnerability in maven package com.xebialabs.xlt.ci:xltestview-plugin