Happi0O

**Name of the Vulnerable Software and Affected Versions** Zaver versions through 2020-12-15 **Description** The issue allows directory traversal via the GET /.. substring. This can be exploited through the "GET /.. substring" API endpoint. **Recommendations** For versions through 2020-12-15, consider restricting access to the API endpoint "GET /.." to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.