CVE-2022-45969

Name of the Vulnerable Software and Affected Versions Alist versions prior to 3.6.0

Description The issue allows a user with only file upload permission to bypass the base path restriction by using '../' to upload files to an arbitrary path, which is a form of Directory Traversal or Path Traversal. This can potentially lead to unauthorized access to sensitive files or directories.

Recommendations For versions prior to 3.6.0, update to version 3.6.0 or later to resolve the issue. As a temporary workaround, consider restricting file upload permissions to minimize the risk of exploitation.