Home Assistant before 2021.1.3 allows attackers to obtain sensitive information because custom integrations with ../ are mishandled.
Home Assistant before 2021.1.3 allows attackers to obtain sensitive information because custom integrations with ../ are mishandled.
https://www.home-assistant.io/blog/2021/01/14/security-bulletin/
Workaround ========== The issue can be mitigated by disabling all custom integrations. This is achieved by renaming the custom_components folder inside the Home Assistant configuration folder to something else and restarting Home Assistant.