EPSS
Percentile
53.1%
FileDownloader is vulnerable to directory traversal. Failing to check filename in util/FileDownloadUtils.java allows the attacker to trigger the attack by sending a file attachment’s name with ../.
util/FileDownloadUtils.java
../
github.com/lingochamp/FileDownloader/commit/b023cc081bbecdd2a9f3549a3ae5c12a9647ed7f
github.com/lingochamp/FileDownloader/issues/1028