Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "..\" sequences that can resolve to a location that is outside of that directory.
CVE vulnerabilities with CWE-28 (2)
5.5
CVSS
MEDIUM
CVE-2024-27810
pub. 2024-05-14
4.3
CVSS
MEDIUM
CVE-2023-2059
pub. 2023-04-14