Percona · Percona Xtrabackup · CVE-2022-45866
**Name of the Vulnerable Software and Affected Versions**
qpress versions before 11.3
qpress before PierreLvx/qpress 20220819
**Description**
The issue allows directory traversal via ../ in a .qp file. This can be exploited in products that use qpress, such as Percona XtraBackup.
**Recommendations**
For qpress versions before 11.3, update to version 11.3 or later.
For qpress before PierreLvx/qpress 20220819, update to PierreLvx/qpress 20220819 or later.
As a temporary workaround, consider restricting access to .qp files to minimize the risk of exploitation.