# Vulnerability Summary: DV0x creative-ad-agent Path Traversal

## Vulnerability Overview

- **Vulnerability ID**: Submit #802887
- **Vulnerability Type**: Path Traversal (CWE-22)
- **Affected Component**: Creative Ad Agent SDK server
- **Specific Location**: `/images/:sessionId/:filename` endpoint in `/server/sdk-server.ts`
- **Description**: The endpoint builds a file system path from user-controlled route parameters but does not validate that the resolved path stays inside the expected `generated-images` directory. An attacker with network access to the server can use encoded traversal sequences (e.g., `%2e%2e/`) to read arbitrary files accessible to the server process, including repository files or host system files such as `/etc/passwd`.

## Impact Scope

- **Affected Versions**: Commit `7519b5e146604dc65049bd0f62dcbdad6212f8a3` is confirmed as affected.
- **Fix Status**: As of the report time, no fixed version is available.

## Remediation

- No official fix is currently available (no fixed version available).

## Proof of Concept (POC)

No exploitation code block is provided in the page; the exploitation method is described as follows:

> An attacker with network access to the server can supply encoded traversal sequences (e.g., `%2e%2e/`) to read arbitrary files accessible to the server process, including repository files or host system files such as `/etc/passwd`.
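A server-side containment check of the kind the advisory says the endpoint lacks, added here as an illustration; it is not code from the creative-ad-agent project, and the root directory, function names and sample requests are assumptions. It decodes each route parameter once, allow-lists it as a single path segment, and then confirms the resolved path is still under the root.

```typescript
import * as path from 'node:path';

// Hypothetical root; stands in for the project's generated-images directory.
export const IMAGES_ROOT = path.resolve('/srv/app/generated-images');

export interface Resolution {
  ok: boolean;
  filePath?: string;
  reason?: string;
}

// A route parameter must be one plain path segment: no separators, no leading
// dot (so "." and ".." are excluded) and no leftover percent signs.
const SEGMENT = /^[A-Za-z0-9][A-Za-z0-9._-]*$/;

// Percent-decode once, as the router would; refuse malformed escapes and NUL bytes.
function decodeParam(raw: string): string | null {
  try {
    const decoded = decodeURIComponent(raw);
    return decoded.includes('\0') ? null : decoded;
  } catch (_err) {
    return null;
  }
}

// Maps (sessionId, filename) to a file path or refuses. Two independent checks:
// the segment allow-list, then a resolved-path containment test, so that a later
// relaxation of the allow-list still cannot escape the root.
export function resolveImagePath(sessionId: string, filename: string, root: string = IMAGES_ROOT): Resolution {
  const sid = decodeParam(sessionId);
  const name = decodeParam(filename);
  if (sid === null || name === null) return { ok: false, reason: 'bad encoding' };
  if (!SEGMENT.test(sid) || !SEGMENT.test(name)) return { ok: false, reason: 'bad segment' };
  const candidate = path.resolve(root, sid, name);
  if (!candidate.startsWith(root + path.sep)) return { ok: false, reason: 'outside root' };
  return { ok: true, filePath: candidate };
}

// Constructed request samples: one legitimate, the rest shaped like the
// encoded traversal sequences the advisory describes (single and double encoded).
export const SAMPLES: Array<[string, string]> = [
  ['sess1', 'img.png'],
  ['%2e%2e', 'etc%2fpasswd'],
  ['sess1', '..%2f..%2fetc%2fpasswd'],
  ['%252e%252e', 'x'],
];

for (const [sid, name] of SAMPLES) {
  const r = resolveImagePath(sid, name);
  console.log(`${sid}/${name} -> ${r.ok ? r.filePath : 'REJECTED (' + r.reason + ')'}`);
}
```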