PT-2024-2870 · Eclipse+1 · Jetty+1
Evan Grant · Published 2024-03-04 · Updated 2024-05-10
CVE-2024-31851
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions
CData Sync versions prior to 23.4.8843
Description
A path traversal vulnerability exists in the Java version of CData Sync when it runs on the embedded Jetty server. The issue is related to errors in handling relative paths to directories. Exploitation of this vulnerability could allow a remote attacker to gain unauthorized access to protected information and perform limited actions in the system by sending specially crafted HTTP requests.
Recommendations
For versions prior to 23.4.8843, update to version 23.4.8843 or later to resolve the issue. As a temporary workaround, consider restricting access to the embedded Jetty server to minimize the risk of exploitation.
Fix
Path traversal
Affected Products
CData Sync
Jetty