CVE-2021-47942 | Home-Assistant Home Assistant Community Store up to 1.9.x Refresh Token /hacsfiles/ path traversal (Exploit 49495)

A vulnerability categorized as critical has been discovered in Home-Assistant Home Assistant Community Store up to 1.9.x. Impacted is an unknown function of the file /hacsfiles/ of the component Refresh Token Handler. Such manipulation leads to path traversal.

This vulnerability is listed as CVE-2021-47942. The attack may be performed from remote. In addition, an exploit is available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More