Filedownloader · Filedownload · CVE-2018-11248
**Name of the Vulnerable Software and Affected Versions**
FileDownloader version 1.7.3
**Description**
The issue is a directory traversal vulnerability. An attacker can place "../" in a file name so that the file is stored in an unintended directory. This is possible because `util/FileDownloadUtils.java` in FileDownloader does not properly check an attachment's name.
**Recommendations**
For FileDownloader version 1.7.3, consider implementing proper validation and sanitization of file names to prevent directory traversal attacks. As a temporary workaround, restrict the ability to upload files with "../" in their names to minimize the risk of exploitation.
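
One way to implement the file name validation recommended above, shown as an added example that is not FileDownloader's own code or its actual fix. The class and method names are hypothetical, and the attachment name is assumed to be an untrusted string.

```java
import java.io.File;
import java.io.IOException;

// Added example: SafeDownloadPath and its methods are hypothetical names,
// not part of FileDownloader.
public class SafeDownloadPath {

    // Reduce an untrusted attachment name to a single path component.
    static String sanitizeFileName(String untrusted) {
        if (untrusted == null) {
            throw new IllegalArgumentException("missing file name");
        }
        // Treat both separators as path delimiters and keep only the last component.
        String name = untrusted.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1).trim();
        if (name.isEmpty() || name.equals(".") || name.equals("..")
                || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("unsafe file name: " + untrusted);
        }
        return name;
    }

    // Resolve the name under baseDir and verify the canonical result stays inside it.
    static File resolveInside(File baseDir, String untrustedName) throws IOException {
        File base = baseDir.getCanonicalFile();
        File target = new File(base, sanitizeFileName(untrustedName)).getCanonicalFile();
        // Defense in depth: catches escapes the name check cannot see, such as symlinks.
        if (!target.getPath().startsWith(base.getPath() + File.separator)) {
            throw new IOException("path escapes download directory: " + untrustedName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        File base = new File(System.getProperty("java.io.tmpdir"), "downloads");
        // Constructed sample names for illustration.
        String[] samples = {"report.pdf", "../../evil.sh", "..\\..\\evil.dll", "a/../../b.txt", ".."};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolveInside(base, s));
            } catch (IllegalArgumentException | IOException e) {
                System.out.println(s + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Names that carry directory components are reduced to their final component and stored inside the download directory, while names that are only `.` or `..` are rejected outright.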