Kirill89

Researcher from Snyk Security team
#16489 of 53,630
16.3 Total CVSS
Vulnerabilities · 2
High
2
PT-2022-17649
7.5
2022-05-01
Pistacheio · Pistache · CVE-2022-26068
**Name of the Vulnerable Software and Affected Versions**
pistacheio/pistache versions prior to 0.0.3.20220425

**Description**
The issue allows directory traversal, enabling the fetching of arbitrary files from the server. This is a significant security concern as it could lead to unauthorized access to sensitive data.

**Recommendations**
For versions prior to 0.0.3.20220425, update to version 0.0.3.20220425 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories on the server to minimize the risk of exploitation.

PT-2022-17193
8.8
2022-02-21
Unknown · Drogonframework/Drogon · CVE-2022-25297
**Name of the Vulnerable Software and Affected Versions**
drogonframework/drogon versions prior to 1.7.5

**Description**
The issue arises from the unsafe handling of file names during upload using the `HttpFile::save()` method, potentially allowing attackers to write files to arbitrary locations outside the designated target folder.

**Recommendations**
For versions prior to 1.7.5, update to version 1.7.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `HttpFile::save()` method until a patch is available.