Syncthing · Syncthing · CVE-2017-1000420
**Name of the Vulnerable Software and Affected Versions**
Syncthing versions 0.14.33 and older
**Description**
The issue allows symlink traversal, resulting in arbitrary file overwrite. It occurs because Syncthing erroneously versions symlinks when they are deleted. If a directory is then created with the same name as the deleted symlink, a file is created in that directory, and that file is then deleted, the file is moved into the symlink's target.
**Recommendations**
Update Syncthing versions 0.14.33 and older to a version newer than 0.14.33 to resolve the issue. As a temporary workaround, consider restricting the creation of symlinks and directories with the same name to minimize the risk of exploitation.
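One way to guard against the behaviour in the description, as an added Go example (not Syncthing's code or its actual fix): before a deleted file is moved into a versions directory, each existing component of the destination is inspected with `os.Lstat`, and the move is refused if any of them is a symlink. The names `checkNoSymlink` and `archive` and the `folder`/`versions`/`outside` layout are hypothetical, and `rel` is assumed to be a clean relative path inside the folder.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// checkNoSymlink lstat()s each component of rel below root; a symlink is an error.
func checkNoSymlink(root, rel string) error {
	cur := root
	for _, part := range strings.Split(filepath.Clean(rel), string(filepath.Separator)) {
		cur = filepath.Join(cur, part)
		info, err := os.Lstat(cur) // Lstat never follows the link
		if os.IsNotExist(err) {
			return nil // nothing exists beyond here, so nothing can be followed
		} else if err != nil {
			return err
		}
		if info.Mode()&os.ModeSymlink != 0 {
			return fmt.Errorf("refusing to archive: %s is a symlink", cur)
		}
	}
	return nil
}

// archive (hypothetical helper) moves folder/rel to versions/rel after the check.
func archive(folder, versions, rel string) error {
	if err := checkNoSymlink(versions, rel); err != nil {
		return err
	}
	dst := filepath.Join(versions, rel)
	if err := os.MkdirAll(filepath.Dir(dst), 0o700); err != nil {
		return err
	}
	return os.Rename(filepath.Join(folder, rel), dst)
}

func main() {
	// Constructed layout: versions/name is a leftover symlink pointing at outside/.
	tmp, _ := os.MkdirTemp("", "demo")
	defer os.RemoveAll(tmp)
	os.MkdirAll(filepath.Join(tmp, "folder", "name"), 0o700)
	os.MkdirAll(filepath.Join(tmp, "outside"), 0o700)
	os.MkdirAll(filepath.Join(tmp, "versions"), 0o700)
	os.Symlink(filepath.Join(tmp, "outside"), filepath.Join(tmp, "versions", "name"))
	os.WriteFile(filepath.Join(tmp, "folder", "name", "file"), []byte("x"), 0o600)
	fmt.Println(archive(filepath.Join(tmp, "folder"), filepath.Join(tmp, "versions"), "name/file"))
}
```

The check and the rename are separate steps, so this guard alone does not cover a path that is swapped between them.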