GHSA-w327-wq28-3vmf, CVE-2009-4665
nuget/CuteEditor
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
All versions before 6.6
Upgrade to version 6.6 or above.
2024-02-09
source |