Description
ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.
Remediation
References
http://ureport.com
https://github.com/Venus-WQLab/bug_report/blob/main/ureport/ureport-cve-2023-24188.md
https://github.com/youseries/ureport
Related Vulnerabilities
CVE-2020-11022 Vulnerability in maven package org.webjars.bower:jquery
CVE-2020-26289 Vulnerability in maven package org.webjars.npm:date-and-time
CVE-2017-15684 Vulnerability in maven package org.craftercms:crafter-studio
CVE-2023-40816 Vulnerability in maven package org.opencrx:opencrx-core-models
CVE-2023-29525 Vulnerability in maven package org.xwiki.platform:xwiki-platform-distribution-war