Ambiso

**Name of the Vulnerable Software and Affected Versions** OpenDeck versions prior to 2.8.1 **Description** OpenDeck is Linux software for the Elgato Stream Deck. The service listening on port 57118 serves static files for installed plugins without proper path sanitization. An attacker can use '../' sequences in the request path to traverse outside the intended directory and read arbitrary files accessible to OpenDeck. The vulnerable component serves static files for installed plugins. **Recommendations** Update to OpenDeck version 2.8.1 or later.