Tyk · Tyk Gateway · CVE-2021-23357
**Name of the Vulnerable Software and Affected Versions**
Tyk Gateway (affected versions not specified)
**Description**
The issue allows directory traversal, enabling the deletion of arbitrary JSON files on the disk where Tyk is running. The cause is the `handleAddOrUpdateApi` function, which uses the user-supplied `APIID` to create a file on disk. If a file with the same name already exists, it is deleted and then re-created with the contents of the API creation request.
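The following Go sketch is an added example, not Tyk's code or its fix: it contrasts the unchecked path construction described above with a validated one. The function names, the ID allow-list and the `/srv/gateway/apps` directory are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumed allow-list for API IDs (not Tyk's rule): letters, digits, '.', '_', '-'.
var validID = regexp.MustCompile(`^[A-Za-z0-9._-]{1,128}$`)

var ErrBadAPIID = errors.New("API ID rejected")

// unsafeDefPath shows the flawed pattern: the caller-supplied ID is joined
// into the path unchecked, so "../" segments select a file outside appDir.
func unsafeDefPath(appDir, apiID string) string {
	return filepath.Join(appDir, apiID+".json")
}

// safeDefPath validates the ID, then confirms the result is a direct child of appDir.
func safeDefPath(appDir, apiID string) (string, error) {
	if !validID.MatchString(apiID) || strings.Contains(apiID, "..") {
		return "", ErrBadAPIID
	}
	base, err := filepath.Abs(appDir)
	if err != nil {
		return "", err
	}
	p := filepath.Join(base, apiID+".json")
	// Defence in depth: the path relative to base must be just the file name.
	if rel, err := filepath.Rel(base, p); err != nil || rel != filepath.Base(p) {
		return "", ErrBadAPIID
	}
	return p, nil
}

func main() {
	const appDir = "/srv/gateway/apps" // constructed directory, not a Tyk default
	// Constructed sample IDs: one ordinary, two that try to leave appDir.
	for _, id := range []string{"orders-v1", "../../other/config", ".."} {
		p, err := safeDefPath(appDir, id)
		fmt.Printf("id=%q unsafe=%q safe=%q err=%v\n", id, unsafeDefPath(appDir, id), p, err)
	}
}
```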
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.