Lcxing

**Name of the Vulnerable Software and Affected Versions** metersphere versions prior to 2.7.1 **Description** The issue allows a user with permission to create a resource file through UI operations to append a path to their submission query, which will be read by the system and displayed to the user. This enables users to read arbitrary files on the server's filesystem, provided the server process has permission to read the requested files. **Recommendations** For versions prior to 2.7.1, upgrade to version 2.7.1 to address the issue. There are no known workarounds for this issue.