When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. …%2F…%2F…%2F…%2F…%2F…%2Fetc%2Fpasswd.
[
{
"product": "Apache Incubator Heron",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache Incubator Heron 0.13.0 to 0.17.8"
}
]
}
]