Severity: High

chuanhuchatgpt

Arbitrary File Deletion via Directory Traversal in JSON File Handling

A vulnerability in the JSON file handling mechanism allows any user to delete any JSON file on the server, including critical configuration files. This affects version 20240410 and has not yet been patched.

Available publicly on Jul 31 2024

CVSS: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)

Credit: mnqazi

Remediation Steps
  • Validate and sanitize file paths in JSON requests to prevent directory traversal.
  • Implement access controls to restrict file deletion operations to authorized users only.
  • Update the software to a patched version once available.
  • Monitor and log file deletion requests to detect and respond to suspicious activities.
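
One way to implement the path validation and logging steps above, as an added example that is not chuanhuchatgpt's own code. The per-user history directory, config.json, the function names and the logger name are assumptions made for illustration.

```python
import logging
import tempfile
from pathlib import Path

log = logging.getLogger("file_delete")  # hypothetical logger name


def resolve_user_json(base_dir: Path, requested: str) -> Path:
    """Map a client-supplied name to a path inside base_dir, or raise ValueError."""
    base = base_dir.resolve()
    # resolve() collapses "..", absolute paths and symlinks, so the
    # containment check below runs on the real target.
    target = (base / requested).resolve()
    if target.suffix.lower() != ".json":
        raise ValueError("only .json files may be deleted")
    if not target.is_relative_to(base):  # Python 3.9+
        raise ValueError("path escapes the allowed directory")
    return target


def delete_user_json(base_dir: Path, requested: str) -> bool:
    """Delete the file only if it resolves inside base_dir; log each decision."""
    try:
        target = resolve_user_json(base_dir, requested)
    except ValueError as exc:
        log.warning("rejected delete request %r: %s", requested, exc)
        return False
    if not target.is_file():
        return False
    target.unlink()
    log.info("deleted %s", target)
    return True


def demo() -> dict:
    """Constructed layout: server config beside a per-user history directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        config = root / "config.json"
        config.write_text("{}")
        user_dir = root / "history" / "alice"
        user_dir.mkdir(parents=True)
        (user_dir / "chat1.json").write_text("{}")
        return {
            "traversal": delete_user_json(user_dir, "../../config.json"),
            "absolute": delete_user_json(user_dir, str(config)),
            "legit": delete_user_json(user_dir, "chat1.json"),
            "config_survives": config.exists(),
        }
```

The base directory must come from the authenticated session on the server side, never from the request body, otherwise the containment check can be bypassed by choosing a broader base.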
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A