YunIO 1.15.3

• Fixed a path traversal vulnerability in the designer server which enabled fetching arbitrary files accessible to the server on file system level.
• All previous versions are affected and an immediate update is recommended
• No authentication or authorization is required
• It is not possible to enumerate directory structures and/or their contents
• However, it is possible to guess file names and their location and craft a specific request for them
• Possibly affected types of directories (if the server runs with sufficient privileges):
  • local file system
  • local drives (c:, d:, etc.)
  • network drives (SMB)