CVE-2018-11789

Name of the Vulnerable Software and Affected Versions heron-ui (affected versions not specified)

Description The issue allows individuals to access any file on the host by modifying the path parameter when accessing the heron-ui webpage. This can be achieved by altering the path parameter to navigate to the desired directory, for example, by using ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd to view the /etc/passwd file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.