CVE-2022-26315

Name of the Vulnerable Software and Affected Versions qrcp versions 0.8.4 and earlier

Description The issue allows for ../ Directory Traversal via the file name specified by the uploader when qrcp is in receive mode. This can potentially lead to unauthorized access to files outside the intended directory.

Recommendations For versions 0.8.4 and earlier, consider restricting the receive mode functionality until a patch is available to prevent exploitation of the Directory Traversal vulnerability. As a temporary workaround, validate and sanitize file names provided by uploaders to prevent malicious directory traversal.