htmlpublisher is vulnerable to path traversal. User input report names are not further validated and are employed as part of a URL and as a directory name, overriding files outside the build directory.
CPE | Name | Operator | Version |
---|---|---|---|
html publisher plugin | le | 1.4-h-1 |