A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.
View the template here CVE-2024-31848.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-31848