PT-2023-22234 · Unknown · Warpinator

Matthias Gerstner · Published 2023-04-27 · Updated 2025-01-13 · CVE-2023-29380

CVSS v3.1

7.5 High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Warpinator versions prior to 1.6.0

Description

The issue allows remote file deletion via directory traversal in top dir basenames. This could enable an attacker to delete arbitrary files on the recipient's computer. The vulnerability has been fixed in Warpinator 1.6.0, which also includes additional protection against similar issues through the use of file system isolation using Landlock or Bubblewrap.

Recommendations

For versions prior to 1.6.0, update to Warpinator 1.6.0 to resolve the issue. As a temporary workaround, consider restricting access to the top dir basenames directory to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2023-29380

Affected Products

Warpinator