PT-2021-7652 · Aviatrix · Aviatrix Controller

Mark Steward · Published 2021-09-13 · Updated 2025-11-10 · CVE-2021-40870

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Aviatrix Controller versions 6.x through 6.5-1804.1921

Description

The issue is an unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal. A remote attacker can exploit it with a specially crafted file.

Recommendations

For Aviatrix Controller versions 6.x through 6.5-1804.1921, update to version 6.5-1804.1922 or later to resolve the issue. As a temporary workaround, consider restricting access to file upload functionality to minimize the risk of exploitation.

Exploit

Fix

Relative Path Traversal

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-00913
CVE-2021-40870

Affected Products

Aviatrix Controller