Directory Traversal

Module: fancy-server

Published: November 15th, 2014

Reported by: Adam Baldwin

CVE-NONE

CWE-22

Vulnerable: <0.1.4
Patched: >=0.1.4

Overview

Versions 0.1.4 and earlier of fancy-server are vulnerable to a directory traversal attack.

Standard attack vectors such as ../ will allow an attacker to read files outside of the served directory.
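
The containment check that prevents this class of bug, as an added example in Node.js; it is not fancy-server's code or its actual patch. The served root `/srv/public`, the sample request paths and the function names `naiveResolve` and `safeResolve` are assumptions made for illustration.

```javascript
const path = require('path');

// Hypothetical served directory (constructed for this example).
const ROOT = path.resolve('/srv/public');

// Naive mapping: joins the request path onto the root with no containment
// check. path.join collapses ".." segments, so the result can leave ROOT.
function naiveResolve(root, urlPath) {
  return path.join(root, urlPath);
}

// Hardened mapping: decode once, resolve to an absolute path, then confirm
// the result is still inside root. Returns the path, or null to reject.
function safeResolve(root, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath); // so %2e%2e is seen as ".."
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL never belongs in a file path
  // Treat backslashes as separators so Windows-style input is checked too.
  const normalized = decoded.replace(/\\/g, '/');
  const resolved = path.resolve(root, './' + normalized);
  // Compare via path.relative, not a string prefix: a prefix test would
  // accept the sibling directory /srv/public-secret.
  const rel = path.relative(root, resolved);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  return resolved;
}

// Constructed sample request paths, classified by the hardened resolver.
const SAMPLES = [
  '/index.html',
  '/css/../index.html',
  '/../../etc/passwd',
  '/%2e%2e/%2e%2e/etc/passwd',
  '/../public-secret/key',
];

function classify(samples) {
  return samples.map((p) => ({ request: p, file: safeResolve(ROOT, p) }));
}

for (const r of classify(SAMPLES)) {
  console.log(r.request, '->', r.file === null ? 'REJECTED' : r.file);
}
```

A request that resolves to `null` should be answered with an error status and never passed to the file-reading code.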

Remediation

Upgrade to version 0.1.4 or greater.
