CVE-2022-22685

Name of the Vulnerable Software and Affected Versions Synology WebDAV Server versions prior to 2.4.0-0062

Description The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the webapi component. This allows remote authenticated users to delete arbitrary files via unspecified vectors.

Recommendations For versions prior to 2.4.0-0062, update to version 2.4.0-0062 or later to resolve the issue. As a temporary workaround, consider restricting access to the webapi component to minimize the risk of exploitation.