Description
In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file.
Remediation
Upgrade blynk-server to version 0.39.7 or later.
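The containment check a static-file handler needs against this class of bug, as an added example (not blynk-server's code or its actual fix). The class and method names, the `/static/` prefix handling and the sample URIs are constructed for illustration, and the URI is assumed to be percent-decoded already.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

public class StaticPathCheck {
    // Hypothetical URL prefix served from a document root (assumption, not from the project).
    static final String PREFIX = "/static/";

    // Naive mapping: appends the URI tail to the root, so "../" segments walk out of it.
    static Path resolveNaive(Path root, String uri) {
        return Paths.get(root.toString(), uri.substring(PREFIX.length()));
    }

    // Hardened mapping: normalize first, then require the result to stay under the root.
    // Assumes uri has already been percent-decoded by the HTTP layer.
    static Optional<Path> resolveSafe(Path root, String uri) {
        if (!uri.startsWith(PREFIX) || uri.indexOf('\0') >= 0) return Optional.empty();
        Path base = root.toAbsolutePath().normalize();
        // resolve() returns an absolute tail unchanged; the startsWith check below rejects it.
        Path candidate = base.resolve(uri.substring(PREFIX.length())).normalize();
        // Path.startsWith compares whole components, so "/srv/www-evil" does not match "/srv/www".
        if (!candidate.startsWith(base)) return Optional.empty();
        return Optional.of(candidate);
    }

    public static void main(String[] args) throws IOException {
        // Constructed document root with one legitimate file.
        Path root = Files.createTempDirectory("static-root");
        Files.createDirectories(root.resolve("js"));
        Files.write(root.resolve("js/app.js"), "ok".getBytes());
        // Constructed sample request URIs: one legitimate, two containing "../".
        String[] uris = { "/static/js/app.js", "/static/js/../../../etc/passwd", "/static/../secret" };
        for (String uri : uris) {
            System.out.println(uri);
            System.out.println("  naive -> " + resolveNaive(root, uri).normalize());
            System.out.println("  safe  -> "
                + resolveSafe(root, uri).map(Path::toString).orElse("rejected"));
        }
    }
}
```

`normalize()` is purely lexical; where the document root can contain symbolic links, compare `toRealPath()` results instead before opening the file.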
References
https://github.com/blynkkk/blynk-server/issues/1256
https://github.com/blynkkk/blynk-server/releases/tag/v0.39.7