Advisories for Nuget/Inedo.Otter.SDK package

2017

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Inedo Otter has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.

Improper Input Validation

Indeo Otter mishandles a "" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor.