Vulnerability Details IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res R parameter. —————————————— [Vulnerability Type] Directory Traversal —————————————— [Vendor of Product] IPESA —————————————— [Affected Product Code Base] e-Flow – v.3.3.6 —————————————— [Affected Component] /lib/js/build/STEResource.res —————————————— [Attack Type] Remote —————————————— [Impact Information Disclosure] true —————————————— [Attack … Continue reading CVE-2021-42052 full disclosure