We have found a directory traversal vulnerability in FileDownloader, which may cause remote code execution.
For consideration of security, we do not reveal the detail of this vulnerability currently.
Welcome contact me by Email: tiamo_inter#foxmail.com
Thanks for your report, this issue will be handled as soon as possible and if the response filename with such venom-case, we will end download with error status as default.
We have found a directory traversal vulnerability in FileDownloader, which may cause remote code execution.
For consideration of security, we do not reveal the detail of this vulnerability currently.
Welcome contact me by Email: tiamo_inter#foxmail.com
Update: CVE has assigned this vulnerability an ID: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11248
The text was updated successfully, but these errors were encountered: