CVE-2022-2969

Name of the Vulnerable Software and Affected Versions Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4

Description The issue arises from the software's failure to properly neutralize special elements within a pathname constructed from external input. This pathname is intended to identify a file or directory located underneath a restricted parent directory. However, due to the lack of proper neutralization, the pathname can resolve to a location outside of the restricted directory, potentially leading to unauthorized access or file creation.

Recommendations For versions prior to v1.5.0.0 Beta 4, update to version v1.5.0.0 Beta 4 or later to resolve the issue. As a temporary workaround, consider restricting external input to prevent the construction of malicious pathnames until a patch is applied.