EPSS
Percentile
30.8%
magento/module-upward-connector is vulnerable to directory traversal. An attacker with a privilege to access Admin Console is able to upload a malicious YAML file to read arbitrary files from the remote server.
github.com/magento/upward-php/security
github.com/magento/upward-php/security/advisories/GHSA-p4pw-hpjx-5685