CVE-2019-14914

Name of the Vulnerable Software and Affected Versions PRiSE adAS version 1.7.0

Description An issue was discovered where the path is not properly escaped in the metadata del method, leading to an arbitrary file read and deletion via Directory Traversal.

Recommendations For PRiSE adAS version 1.7.0, consider restricting access to the metadata del method until a patch is available to prevent arbitrary file read and deletion. As a temporary workaround, ensure proper path escaping to mitigate the risk of Directory Traversal. At the moment, there is no information about a newer version that contains a fix for this vulnerability.