CVE-2023-45278: Yamcs API Directory Traversal vulnerability

October 19, 2023 (updated October 25, 2023)

Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.

References

github.com/advisories/GHSA-43fw-536j-w37j
github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7
nvd.nist.gov/vuln/detail/CVE-2023-45278
www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

Detect and mitigate CVE-2023-45278 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →