PT-2022-24878 · Melisplatform · Melis-Asset-Manager
Published: 2022-10-11 · Updated: 2022-10-14 · CVE-2022-39296
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
melisplatform/melis-asset-manager versions prior to 5.0.1
Description
The issue allows unauthenticated attackers to read arbitrary files, leading to the disclosure of sensitive information. The problem was addressed by restricting file access to the intended directories only. Users should upgrade to a version that includes this fix.
Recommendations
For versions prior to 5.0.1, upgrade to melisplatform/melis-asset-manager version 5.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories until the upgrade can be applied.
Exploit
Fix
Path traversal
Affected Products
Melis-Asset-Manager