Hidden Directories Always Served

Module: inert

Published: December 16th, 2014

Reported by: Gil Pedersen

CVE-NONE

CWE-

Vulnerable: <1.1.1
Patched: >=1.1.1

Overview

The inert directory handler always allows files in hidden directories to be served, even when showHidden is false.

Remediation

Update to version >= 1.1.1.

References

Sign up FREE for
nsp Continuous Security

Free for open source and the first private repo,
then just $1/mo per private repo