CVE-2022-27617

Name of the Vulnerable Software and Affected Versions Synology Calendar versions prior to 2.3.4-0631

Description The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the webapi component. This allows remote authenticated users to download arbitrary files via unspecified vectors.

Recommendations For versions prior to 2.3.4-0631, update to version 2.3.4-0631 or later to resolve the issue. As a temporary workaround, consider restricting access to the webapi component to minimize the risk of exploitation.