CVE-2022-45921

Name of the Vulnerable Software and Affected Versions FusionAuth versions prior to 1.41.3

Description The issue allows an attacker to view or retrieve files outside of the application root using an HTTP request. Specifically, an attacker may be able to access any file readable by the user running the FusionAuth process.

Recommendations For versions prior to 1.41.3, update to version 1.41.3 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.