github.com/tyktechnologies/tyk is vulnerable to arbitrary file delete. The vulnerability exists through the handleAddOrUpdateApi
function in api.go
where json
files outside of the application can be deleted if the file path is specified in the request.