Oro · Oroplatform · CVE-2022-41951
**Name of the Vulnerable Software and Affected Versions**
OroPlatform versions prior to 5.0.9
**Description**
Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. Because the suggested file name is used unchanged, an attacker who controls it can pass a path to a non-existent file, which allows writing content to a new file at that location; the file is available for the duration of the script execution and is deleted immediately after the script ends.
**Recommendations**
For versions prior to 5.0.9, apply the provided patch to `Oro\Bundle\GaufretteBundle\FileManager.php`, or decorate `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName` in your customization and clear the `$suggestedFileName` argument so that a caller-supplied path can no longer reach the filesystem. Alternatively, update to version 5.0.9 or later, where this vulnerability has been fixed.
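The decoration approach above, as an added example that is not OroPlatform's own code. It assumes the original method has the signature `getTemporaryFileName(?string $suggestedFileName = null): string`, that `FileManager` can be subclassed, and it goes slightly beyond the advisory's "clear the argument" advice by keeping a suggested name only when it is a plain, conservative file name with no directory components.

```php
<?php
// Added example (not OroPlatform code). Assumes FileManager is not final and
// that getTemporaryFileName(?string $suggestedFileName = null): string is the
// signature being decorated; register this class as the service decorator.

namespace App\Security;

use Oro\Bundle\GaufretteBundle\FileManager;

final class SafeFileManager extends FileManager
{
    /**
     * Returns the suggested name only when it cannot escape the temporary
     * directory; otherwise returns null so the parent implementation falls
     * back to generating its own temporary file name.
     */
    public static function sanitizeSuggestedFileName(?string $name): ?string
    {
        if ($name === null || $name === '') {
            return null;
        }
        // Reject path separators, NUL bytes and parent-directory references.
        if (strpbrk($name, "/\\\0") !== false || str_contains($name, '..')) {
            return null;
        }
        // Accept only a conservative character set and a bounded length.
        if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/', $name)) {
            return null;
        }
        return $name;
    }

    public function getTemporaryFileName(?string $suggestedFileName = null): string
    {
        // "../../etc/passwd" or "/tmp/x" become null here; "report.csv" is kept.
        return parent::getTemporaryFileName(
            self::sanitizeSuggestedFileName($suggestedFileName)
        );
    }
}
```

If you prefer to follow the advisory literally, replace the call to `sanitizeSuggestedFileName` with a constant `null` so every caller-supplied name is discarded.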