GHSA-2jh3-2rfc-9fhfMediumCVSS 5.3
Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter,...
🔗 CVE IDs covered (1)
📋 Description
Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation is constrained to files matching a narrow naming and format pattern, limiting practical impact.