PT-2024-21997 · Leantime · Leantime

Bruno Menna · Published 2024-04-03 · Updated 2024-08-28 · CVE-2024-27705

CVSS v3.1: 7.6 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Name of the Vulnerable Software and Affected Versions: Leantime version 3.0.6

Description: The issue allows attackers to execute arbitrary code by uploading a crafted PDF file to the "files/browse" endpoint. This enables the execution of malicious scripts, potentially leading to unauthorized access or data manipulation.

Recommendations: For Leantime version 3.0.6, consider disabling file uploads to the "files/browse" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation, and avoid using the file upload feature in this version until the issue is resolved.

Weakness Enumeration: Code Injection

Related Identifiers: CVE-2024-27705

Affected Products: Leantime