It is a RCE vulnerability and I think it affects all versions. In earlier version 0.4.20, the trigger difference is the pyload installation folder path difference and the upload file must with extension ".js" . The render js code in version 0.4.20:
This Cyber News was published on www.tenable.com. Publication date: Thu, 25 Apr 2024 04:56:04 +0000