GHSA-2jh3-2rfc-9fhfMediumCVSS 5.3

Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter,...

Published
July 13, 2026
Last Modified
July 13, 2026

🔗 CVE IDs covered (1)

📋 Description

Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation is constrained to files matching a narrow naming and format pattern, limiting practical impact.

🔗 References (4)