Path Traversal in Shenzhen Longjing Technology Co. Ltd. BEMS API

CVE-2021-4463

Longjing Technology BEMS API versions up to and including 1.21 contain an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft t…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.013 (68.0th percentile)

Affected products

Weakness classification (CWE)

References