Statamic · Statamic · CVE-2024-52600
**Name of the Vulnerable Software and Affected Versions**
Statamic versions prior to 5.17.0
**Description**
Assets uploaded with specially crafted filenames can be placed in a different location than the one configured. This affects front-end forms with `assets` fields and other areas where assets can be uploaded, and it can potentially overwrite existing files on the server. Traversal outside an asset container is not possible.
**Recommendations**
Update installations running a version prior to 5.17.0 to version 5.17.0, which resolves the issue. As a temporary workaround, consider restricting upload permissions to minimize the risk of exploitation, and restrict access to areas where assets can be uploaded to reduce the potential impact.
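
The kind of check that keeps an upload in its configured folder and refuses to replace an existing file, as an added PHP example (not Statamic's code and not its 5.17.0 fix). The helper name `safeUploadPath`, the folder layout, and the sample filename are constructed; the example assumes the crafted filename carries directory components, which the advisory does not spell out.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not Statamic's API: returns a storage path that is
// always a direct child of the configured folder inside the asset container.
function safeUploadPath(string $containerRoot, string $folder, string $clientName): string
{
    // Control bytes (including NUL) never belong in a stored filename.
    if (preg_match('/[\x00-\x1F\x7F]/', $clientName) === 1) {
        throw new InvalidArgumentException('control characters in filename');
    }
    // Treat "\" as a separator too, then keep only the final path segment.
    $name = basename(str_replace('\\', '/', $clientName));
    if ($name === '' || $name === '.' || $name === '..') {
        throw new InvalidArgumentException('filename has no usable final segment');
    }
    $target = rtrim($containerRoot, '/') . '/' . trim($folder, '/') . '/' . $name;
    // Refuse to replace a file that already exists at the destination.
    if (file_exists($target)) {
        throw new RuntimeException('destination already exists');
    }
    return $target;
}

// Constructed demo: a temporary container that already holds logo.png.
$root = sys_get_temp_dir() . '/container_' . bin2hex(random_bytes(4));
mkdir($root . '/forms/uploads', 0700, true);
file_put_contents($root . '/logo.png', 'original');

$crafted = '../../logo.png'; // constructed sample, not a payload from the advisory

// Naive join: the directory parts of the name move the write out of
// forms/uploads and onto the existing file, still inside the container.
$naive = $root . '/forms/uploads/' . $crafted;
var_dump(realpath($naive) === realpath($root . '/logo.png'));

// Hardened: the same input is confined to the configured folder.
var_dump(safeUploadPath($root, 'forms/uploads', $crafted) === $root . '/forms/uploads/logo.png');

// A name with no usable final segment is rejected outright.
try {
    safeUploadPath($root, 'forms/uploads', '..');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// Remove the temporary demo container.
unlink($root . '/logo.png');
rmdir($root . '/forms/uploads'); rmdir($root . '/forms'); rmdir($root);
```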