CVE-2020-21522

Name of the Vulnerable Software and Affected Versions halo version 1.1.3

Description An issue was discovered in the backend of the software, allowing for a Zip Slip Directory Traversal. This enables an attacker to overwrite certain files, including ftl files and .bashrc files in the user directory, potentially leading to the acquisition of operating system permissions.

Recommendations For version 1.1.3, consider restricting access to the backend to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable functionality in the backend that allows for file overwrites.