Rubedo · Rubedo · CVE-2018-16836
**Name of the Vulnerable Software and Affected Versions**
Rubedo versions prior to 3.4.1
**Description**
The issue allows unauthenticated attackers to read and execute arbitrary files outside of the service root path due to a Directory Traversal vulnerability in the theme component. This can be demonstrated by accessing a URI such as "/theme/default/img/%2e%2e/..//etc/passwd".
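One way to look for this request pattern in web server access logs, as an added example that is not part of the original advisory or of Rubedo's code: it percent-decodes each request URI until stable and flags requests under `/theme/` that contain a `..` path segment. The log lines, the common-log-format assumption and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

THEME_PREFIX = "/theme/"   # component named in the advisory
MAX_ROUNDS = 3             # assumption: decode up to triple encoding

# Constructed access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Oct/2018:10:00:01 +0000] "GET /theme/default/img/logo..v2.png HTTP/1.1" 200 5120
198.51.100.9 - - [01/Oct/2018:10:00:05 +0000] "GET /theme/default/img/%2e%2e/..//etc/passwd HTTP/1.1" 200 1843
198.51.100.9 - - [01/Oct/2018:10:00:09 +0000] "GET /theme/default/%252e%252e%252fconfig HTTP/1.1" 404 0
203.0.113.4 - - [01/Oct/2018:10:00:12 +0000] "GET /blog/..%2fabout HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def decode_rounds(path):
    """Percent-decode until stable; return (decoded_path, rounds_needed)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path.replace("\\", "/"), rounds

def check_uri(raw_uri):
    """Return the encoding depth for a theme request with a '..' segment, else None."""
    path, rounds = decode_rounds(urlsplit(raw_uri).path)
    if path.startswith(THEME_PREFIX) and ".." in path.split("/"):
        return rounds
    return None

def scan(log_text):
    """Return (status, encoding_depth, raw_uri) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and (depth := check_uri(m.group(1))) is not None:
            hits.append((int(m.group(2)), depth, m.group(1)))
    # Successful responses first: those may have returned file contents.
    return sorted(hits, key=lambda h: h[0] != 200)

if __name__ == "__main__":
    for status, depth, uri in scan(SAMPLE_LOG):
        print(f"status={status} encoding_depth={depth} uri={uri}")
```

Matching on whole path segments keeps file names such as `logo..v2.png` from being flagged, and the encoding depth separates plain `..` (0) from single (1) and double (2) percent-encoding.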
**Recommendations**
For Rubedo versions prior to 3.4.1, update to version 3.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the theme component to minimize the risk of exploitation.