Improper limitation of a pathname to a restricted directory (βPath Traversalβ) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.
CPE | Name | Operator | Version |
---|---|---|---|
calendar | eq | < 2.3.4-631 |