Headline
GHSA-43fw-536j-w37j: Yamcs API Directory Traversal vulnerability
Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.
Yamcs API Directory Traversal vulnerability
Moderate severity GitHub Reviewed Published Oct 19, 2023 to the GitHub Advisory Database • Updated Oct 19, 2023
Related news
CVE-2023-45278: Comparing yamcs-5.8.6...yamcs-5.8.7 · yamcs/yamcs
Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.
CVE-2023-45281: Yamcs v5.8.6 Vulnerability Assessment
An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file.