📚 CVE-2021-42052 | IPESA e-Flow 3.3.6 Query Parameter STEResource.res R path traversal

A vulnerability, which was classified as critical, has been found in IPESA e-Flow 3.3.6. Affected by this issue is some unknown functionality in the library lib/js/build/STEResource.res of the component Query Parameter Handler. The manipulation of the argument R leads to path traversal. This vulnerability is handled as CVE-2021-42052. The attack may be launched remotely. There is no exploit available. ...