CVE-2024-49366

Nginx UI (versions up to 2.0.0-beta.35) is affected by a directory-traversal vulnerability where the UI reads a value from a JSON field without verification, enabling payloads like ../../ to write arbitrary files on the server and potentially cause permission loss. A fix is available: upgrade to ...