CVE-2022-27906
Affected product: Mendelson OFTP2 before 1.1 b43. Root cause is a directory traversal in the upload path, exploitable by an attacker who knows one of the configured Odette IDs. This can allow uploading files outside the intended upload directory. The documents do not provide a remediation or patc...