Rre1Axo

**Name of the Vulnerable Software and Affected Versions** GoldPanKit eva-server version 4.1.0 **Description** A vulnerability has been identified that affects the `path` parameter of the "/api/resource/local/download" endpoint. Manipulation of this `path` parameter can lead to arbitrary file download. **Recommendations** For GoldPanKit eva-server version 4.1.0, consider restricting access to the "/api/resource/local/download" endpoint until a patch is available. As a temporary workaround, avoid using the `path` parameter in this endpoint to minimize the risk of exploitation.