CVE-2022-45921 Information

Description

FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. Specifically, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.

Reference

https://github.com/FusionAuth/fusionauth-issues/issues/1983
https://fusionauth.io/docs/v1/tech/release-notes
