Rubedo Project: >> Rubedo >> 1.4.2 Security Vulnerabilities
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.
CVSS Score
9.8
EPSS Score
0.868
Published
2018-09-11