Simon Baatz

**Name of the Vulnerable Software and Affected Versions** pulp versions 2.16.x and earlier **Description** The issue is related to improper path parsing, allowing a malicious user or a malicious iso feed repository to write to locations accessible to the 'apache' user. This could lead to the overwrite of published content on other iso repositories. **Recommendations** For pulp versions 2.16.x and earlier, consider restricting access to the apache user to minimize the risk of exploitation. As a temporary workaround, limit the ability of malicious users or iso feed repositories to write to sensitive locations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.