Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.
[
{
"product": "Synology Download Station",
"vendor": "Synology",
"versions": [
{
"status": "affected",
"version": "3.8.x before 3.8.5-3475 and 3.x before 3.5-2984"
}
]
}
]