Bocaletto-Luca

Name of the Vulnerable Software and Affected Versions: SysmonElixir versions prior to 1.0.1 Description: The issue concerns SysmonElixir, a system monitor HTTP service in Elixir. Prior to version 1.0.1, the "/read" endpoint reads any file from the server's file system, including sensitive files like /etc/passwd, by default. In version 1.0.1, a whitelist was added to limit reading to only files under priv/data. Recommendations: For versions prior to 1.0.1, update to version 1.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the "/read" endpoint until the update can be applied.