MidnightBSD

Advisories for supos

CVE-2024-39937

supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

Products Affected

Vendor Product Version
supos supos 5.0