Skip to content

Yunio 1.15.3

YunIO 1.15.3

  • Fixed a path traversal vulnerability in the designer server which enabled fetching arbitrary files accessible to the server on file system level.
  • All previous versions are affected and an immediate update is recommended
  • No authentication or authorization is required
  • It is not possible to enumerate directory structures and/or their contents
  • However, it is possible to guess file names and their location and craft a specific request for them
  • Possibly affected types of directories (if the server runs with sufficient privileges):
  • local file system
  • local drives (c:, d:, etc.)
  • network drives (SMB)