
Strmik

#36867 of 53,608
7.5 Total CVSS
Vulnerabilities · 1
PT-2021-19917
7.5
2021-07-16
Micronaut · Micronaut · CVE-2021-32769
**Name of the Vulnerable Software and Affected Versions**

Micronaut versions prior to 2.5.9

**Description**

A path traversal vulnerability exists in Micronaut that allows access to any file on the filesystem by using "/../../" in the URL. This occurs because Micronaut does not restrict file access to the configured paths. With a basic configuration, it is possible to access sensitive information.

**Recommendations**

For versions prior to 2.5.9, as a temporary workaround, do not use `**` in the mapping; use only `*`, which exposes only the flat structure of a directory and does not allow traversal. On Linux, another workaround is to run Micronaut in a chroot. To fully resolve the issue, update to version 2.5.9 or later.