Impact
Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their privilege to the same as Traccar service (system).
Patches
A patch has been merged and will be released with version 4.12.
Workarounds
Manually add quotes to the service path.
References
More information about the vulnerability type:
For more information
If you have any questions or comments about this advisory:
Impact
Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their privilege to the same as Traccar service (system).
Patches
A patch has been merged and will be released with version 4.12.
Workarounds
Manually add quotes to the service path.
References
More information about the vulnerability type:
For more information
If you have any questions or comments about this advisory: