Pyload · Pyload · CVE-2026-29778
**Name of the Vulnerable Software and Affected Versions**
pyLoad versions 0.5.0b3.dev13 through 0.5.0b3.dev96
**Description**
pyLoad contains a path traversal flaw in the `edit_package()` function: the `pack_folder` parameter is insufficiently sanitized. The existing protection performs a single-pass replacement of `../`, which can be bypassed with nested traversal sequences such as `..././..././..././tmp`; after one pass of stripping, the string collapses to `../../../tmp`. An authenticated user with MODIFY permission can thereby escape the intended storage directory and write files to arbitrary locations, such as `/tmp`, by submitting a request with `pack_folder=..././..././..././tmp`.
**Recommendations**
Update to version 0.5.0b3.dev97 or later.