Path traversal for local publishers in TechDocs backend
Impact A malicious actor with the ability to register entities in the Software Catalog is able to write files to arbitrary paths on the techdocs backend host instance when techdocs.publisher.type is set to local. This vulnerability is mitigated by the fact that the Software Catalog must be...