EPSS
Percentile
75.4%
xxl-conf-core is vulnerable to directory traversal attacks. The vulnerable exists due to the lack of sanitization on the value of pathname, allowing the download of any configuration file using the ../ characters.
../
github.com/xuxueli/xxl-conf/issues/61