CVE-2018-16836

Name of the Vulnerable Software and Affected Versions Rubedo versions prior to 3.4.1

Description The issue allows unauthenticated attackers to read and execute arbitrary files outside of the service root path due to a Directory Traversal vulnerability in the theme component. This can be demonstrated by accessing a URI such as "/theme/default/img/%2e%2e/..//etc/passwd".

Recommendations For Rubedo versions prior to 3.4.1, update to version 3.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the theme component to minimize the risk of exploitation.