Aviatrix · Aviatrix Controller · CVE-2021-40870
**Name of the Vulnerable Software and Affected Versions**
Aviatrix Controller versions 6.x through 6.5-1804.1921
**Description**
The issue is an unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal. A remote attacker can exploit it with a specially crafted file.
**Recommendations**
For Aviatrix Controller versions 6.x through 6.5-1804.1921, update to version 6.5-1804.1922 or later to resolve the issue. As a temporary workaround, consider restricting access to file upload functionality to minimize the risk of exploitation.