D3Sca

**Name of the Vulnerable Software and Affected Versions** common-user-management (affected versions not specified) **Description** The issue concerns a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture, which allows file uploads without proper validation or restrictions. This enables attackers to upload malicious files, potentially leading to Remote Code Execution (RCE). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.