9.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.5%
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.
github.com/halo-dev/halo/issues/421