CVE-2020-29134

Name of the Vulnerable Software and Affected Versions: TOTVS Fluig platform versions 1.6.4 through 1.7.0

Description: The TOTVS Fluig platform allows path traversal through the parameter file = .. / encoded in base64. This issue affects various versions of the Fluig platform, allowing directory traversal via a base64 encoded file=../ to a volume/stream/ URI.

Recommendations: For versions 1.6.4 through 1.7.0, consider disabling the file parameter until a patch is available to prevent path traversal attacks. Restrict access to sensitive directories and files to minimize the risk of exploitation. Avoid using the file parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.