A critical directory traversal vulnerability has been discovered in Performave Convoy's LocaleController component, enabling unauthenticated remote attackers to execute arbitrary code on affected servers.
The security vulnerability, tracked as GHSA-43g3-qpwq-hfgg and disclosed by researcher ericwang401 five days ago, impacts all Convoy installations running versions...