VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0

a. Directory traversal vulnerabilityDue to incomplete sanitation of user input, a support component of VMware Studio’s web interface can be tricked into uploading a file to any directory inside the VMware Studio virtual appliance. This issue does not affect virtual machines that are created with Studio 2.0 beta.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2968 to this issue.VMware would like to thank Claudio Criscione of Secure Network for reporting this issue to us.