CVE-2021-3152

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2021.1.3

Description The issue is related to a lack of protection against directory-traversal attacks in custom integrations. It is noted that the vendor views the vulnerability as being in custom integrations written by third parties, rather than in Home Assistant itself. However, Home Assistant has a security update that addresses this situation.

Recommendations For versions prior to 2021.1.3, update to version 2021.1.3 or later to address the issue. As a temporary workaround, consider restricting access to custom integrations until the update is applied.