Tag
Microsoft APM CLI version 0.8.11 and earlier are vulnerable to path traversal, allowing a malicious plugin to copy arbitrary readable host files during installation by manipulating paths in the plugin.json file.