Directory Traversal

Module: fancy-server

Published: November 15th, 2014

Reported by: Adam Baldwin

CVE-NONE

CWE-

Vulnerable: <0.1.4
Patched: >=0.1.4

Overview

Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as ../ to read files outside of the served directory.

Remediation

Upgrade to version 0.1.4 or greater.

References

Sign up FREE for
nsp Continuous Security

Free for open source and the first private repo,
then just $1/mo per private repo