CVE-2024-54909 Information

Description

A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint where manipulation of this parameter can lead to arbitrary file download.

Reference

https://github.com/goldpankit/eva-springboot2/issues/2