Soohyun

**Name of the Vulnerable Software and Affected Versions** Weaviate OSS versions prior to 1.33.4 **Description** An attacker who can insert data into the database can create an entry name containing an absolute path (for example, /etc/...) or utilize parent directory traversal (../../..) to bypass the restore root during a backup restoration. This could lead to the creation or overwriting of files in arbitrary locations within the application's permissions. **Recommendations** Update to version 1.33.4 or later.