Description
Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.
Remediation
References
https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies
Related Vulnerabilities
CVE-2022-43183 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2021-39178 Vulnerability in npm package next
CVE-2022-30506 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2023-43643 Vulnerability in maven package org.owasp.antisamy:antisamy
CVE-2022-22984 Vulnerability in npm package snyk-docker-plugin