Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system.
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as “/abs/path” that can resolve to a location that is outside of that directory.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gotham_blackbird-witchcraft | Palantir | 10.1 (including) | 104.30231001.8 (excluding) |