Aria2 metalink 'name' Directory Traversal Vulnerability

Summary
The Remote host is installed with Aria2 and is prone to directory traversal vulnerability.
Impact
Successful exploitation will allow attackers to download files to directories outside of the intended download directory via directory traversal attacks. Impact Level: Application
Solution
Upgrade to Aria2 1.9.3, For updates refer to http://sourceforge.net/projects/aria2/files/
Insight
The flaw is due to an error in the hanling of metalink files. The 'name' attribute of a 'file' element in a metalink file is not properly sanitised.
Affected
Aria2 version prior to 1.9.3
References