Cartadis · Cartadis Gespage · CVE-2021-33807
Name of the Vulnerable Software and Affected Versions:
Cartadis Gespage versions 8.2.1 and earlier
Description:
The issue allows Directory Traversal in the "gespage/doDownloadData" and "gespage/webapp/doDownloadData" API endpoints.
Recommendations:
For Cartadis Gespage versions 8.2.1 and earlier, update to a version that fixes the Directory Traversal issue in the `gespage/doDownloadData` and `gespage/webapp/doDownloadData` API endpoints.
As a temporary workaround, consider restricting access to the `gespage/doDownloadData` and `gespage/webapp/doDownloadData` API endpoints until a patch is available.