CVE-2022-28791

Name of the Vulnerable Software and Affected Versions Galaxy Store versions prior to 4.5.41.8

Description The issue is related to improper input validation in the InstallAgent component, allowing an attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwriting existing files.

Recommendations For Galaxy Store versions prior to 4.5.41.8, update to version 4.5.41.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the InstallAgent component to minimize the risk of exploitation.