The security researcher Robert Michel, who currently works at G-Data, has found a vulnerability in the Cuckoo Sandbox project.
The vulnerability would allow the guest machine to upload a file, which could be used to infect specific environments and networks.
Cuckoo Sandbox published a report which provides insight into the file upload vulnerability.
HOW TO FIX
Go to the lib/cuckoo/core/resultserver.py file and change the following code
and change the “yellow” part
with
if "../" in buf or buf.startswith("/"):
    raise CuckooOperationalError("FileUpload failure, banned path.")
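The check above, run against constructed sample paths, next to a stricter containment check on the resolved path. This is an added example and not code from the Cuckoo project; `UploadRejected`, `check_banned_path`, `resolve_upload_path` and `is_accepted` are hypothetical names, and the storage folder is a temporary directory.

```python
import os
import tempfile


class UploadRejected(Exception):
    """Stand-in for Cuckoo's CuckooOperationalError (hypothetical name)."""


def check_banned_path(buf):
    """The string check from the fix above, applied to a guest-supplied path."""
    if "../" in buf or buf.startswith("/"):
        raise UploadRejected("FileUpload failure, banned path.")
    return buf


def resolve_upload_path(storage_root, buf):
    """Stricter variant (assumption, not Cuckoo code): resolve the final
    path and require that it stays inside the analysis storage folder."""
    check_banned_path(buf)
    root = os.path.realpath(storage_root)
    target = os.path.realpath(os.path.join(root, buf))
    # commonpath equals root only when target is root or lies beneath it.
    if target == root or os.path.commonpath([root, target]) != root:
        raise UploadRejected("FileUpload failure, path escapes storage folder.")
    return target


def is_accepted(storage_root, buf):
    """True when the guest-supplied path passes both checks."""
    try:
        resolve_upload_path(storage_root, buf)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    # Constructed sample paths, as a guest machine might send them.
    root = tempfile.mkdtemp()
    for name in ["files/sample.bin", "../../etc/cron.d/job", "/etc/passwd", ".."]:
        verdict = "accepted" if is_accepted(root, name) else "rejected"
        print("%-24s %s" % (name, verdict))
```

The last sample, a bare `..`, does not match either substring test, so only the resolved-path comparison rejects it.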