Vulnerability Information
Vulnerability Title
io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage
Vulnerability Description
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server has the necessary permissions. This can be accomplished either by modifying the FileRef directly in the database or by supplying a harmful value in the fileRef parameter of the `/files` endpoint of the generic REST API. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Path Traversal: '.../...//'
Vulnerability Title
Jmix Security Vulnerability
Vulnerability Description
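Jmix is a set of libraries and tools from the Jmix company for accelerating Spring Boot data-centric application development. Jmix versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4 contain a security vulnerability that stems from improper handling of the FileRef parameter and may lead to file access.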
CVSS Information
N/A
Vulnerability Type
N/A