GHSA-9V3J-4J64-P937 OroPlatform vulnerable to path traversal during temporary file manipulations
Impact Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. The file will be deleted...