Mjalt96

**Name of the Vulnerable Software and Affected Versions** Umbraco versions 8.0.0 through 8.18.9 Umbraco versions 10.0.0 through 10.8.0 Umbraco versions 12.0.0 through 12.2.9 **Description** The issue allows Backoffice users with permissions to create packages to use path traversal, enabling them to write outside of the expected location. This is possible due to a flaw in the "Package" section of Umbraco Backoffice, which permits logged-in users to create folders outside the default package directory. **Recommendations** For Umbraco versions 8.0.0 through 8.18.9, update to version 8.18.10 to resolve the issue. For Umbraco versions 10.0.0 through 10.8.0, update to version 10.8.1 to resolve the issue. For Umbraco versions 12.0.0 through 12.2.9, update to version 12.3.0 to resolve the issue.