Description
Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.
Remediation
References
https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies
Related Vulnerabilities
CVE-2022-0776 Vulnerability in npm package reveal.js
CVE-2020-8823 Vulnerability in npm package sockjs
CVE-2023-48711 Vulnerability in maven package org.webjars.npm:google-translate-api-browser
CVE-2023-26120 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2012-6612 Vulnerability in maven package org.apache.solr:solr-core