EPSS Percentile: 17.8%
OctoPrint is vulnerable to information disclosure. Multiple functions in languages.py do not sanitize symlinks in language packs, which allows directory traversal that can be used to extract information from the server.
languages.py
github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e
huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11