{"id":"CVE-2019-12901","details":"Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation.","modified":"2026-04-10T04:12:09.529403Z","published":"2019-06-20T00:15:10.480Z","references":[{"type":"ADVISORY","url":"https://pydio.com/en/community/releases/pydio-cells/pydio-cells-150-performances-features-security"},{"type":"ADVISORY","url":"https://research.loginsoft.com/vulnerability/multiple-vulnerabilities-in-pydio-cells-1-4-1/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pydio/cells","events":[{"introduced":"0"},{"fixed":"fcc5eb1bad3ba3e2d37c8374f7fa599ff93213f6"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.5.0"}]}}],"versions":["v1.0.0","v1.0.1","v1.2.0","v1.2.1","v1.2.2","v1.4.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12901.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}