Derek Price

**Name of the Vulnerable Software and Affected Versions** CVS versions prior to 1.11.14 **Description** The issue allows attackers to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests. This can lead to a breach of confidentiality of protected information. Exploitation of the issue can be done remotely. **Recommendations** For versions prior to 1.11.14, update to version 1.11.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the CVS client requests to minimize the risk of exploitation.