Hidden Directories Always Served

Module: inert

Published: December 16th, 2014

Reported by: Gil Pedersen

CVE-NONE

CWE-22

Vulnerable: <1.1.1
Patched: >=1.1.1

Overview

Versions of inert before 1.1.1 are vulnerable to information leakage: files in hidden directories are served even when showHidden is false.

The inert directory handler always allows files in hidden directories to be served, even when showHidden is false.
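The following added example is not inert's code and is not taken from the advisory; it shows a showHidden-style check that tests every path segment, next to a check that only looks at the final segment. All function names and sample paths are hypothetical, and the final-segment-only check is an assumption made for contrast, not a description of how inert was implemented.

```javascript
// Added example: hypothetical helpers, not inert's source.

// Flawed check (constructed for contrast): inspects only the final segment,
// so a visible file inside a dot-directory is not treated as hidden.
function lastSegmentIsHidden(relPath) {
  const segments = relPath.split('/').filter(Boolean);
  const last = segments[segments.length - 1] || '';
  return last.startsWith('.');
}

// Stricter check: decode the path, then test every segment.
// Returns the cleaned relative path, or null if the request must be refused.
function resolveServedPath(requestPath, options = {}) {
  const showHidden = options.showHidden === true;
  let decoded;
  try {
    decoded = decodeURIComponent(requestPath);
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // embedded NUL byte

  const segments = [];
  for (const seg of decoded.split(/[\\/]+/)) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') return null; // no parent traversal
    if (!showHidden && seg.startsWith('.')) return null; // hidden file or directory
    segments.push(seg);
  }
  return segments.join('/');
}

// Constructed sample requests, relative to the served directory.
const SAMPLE_REQUESTS = [
  'docs/readme.txt', '.hidden/notes.txt', 'docs/.cache/index.db',
  '%2Ehidden/notes.txt', '.profile',
];

// Compare both checks over the samples with showHidden left at false.
function auditSamples() {
  return SAMPLE_REQUESTS.map((p) => ({
    path: p,
    weakAllows: !lastSegmentIsHidden(p),
    strictAllows: resolveServedPath(p) !== null,
  }));
}
```

A regression test for a static file handler can request the same kinds of paths with showHidden set to false and expect each hidden one to be refused.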

Remediation

Update to version >= 1.1.1.