CVE-2019-12479

Name of the Vulnerable Software and Affected Versions 20|20 Storage version 2.11.0

Description An issue in the TwentyTwenty.Storage library allows for a Path Traversal, enabling the creation and reading of files outside the specified basepath in the LocalStorageProvider. If the application does not sanitize user-supplied filenames, this issue can be exploited to read or write arbitrary files.

Recommendations For version 2.11.0, ensure that user-supplied filenames are properly sanitized to prevent exploitation of the Path Traversal issue in the LocalStorageProvider. As a temporary workaround, consider restricting access to the LocalStorageProvider until a patch is available.