inert

Hidden Directories Always Served

Severity: moderate

Overview

Versions 1.1.1 and earlier of inert are vulnerable to an information leakage vulnerability which causes files in hidden directories to be served, even when showHidden is false.

The inert directory handler always allows files in hidden directories to be served, even when showHidden is false.

Remediation

Update to version >= 1.1.1.

Vulnerable versions

1.0.0
4 years ago
1.1.0
4 years ago

Unaffected versions

2.0.0-pre
4 years ago
2.0.0-rc1
4 years ago
2.0.0-rc2
4 years ago
2.0.0-rc3
4 years ago
2.0.0-rc4
4 years ago
2.0.0-rc5
4 years ago
2.0.0-rc6
4 years ago
2.0.0
4 years ago
1.1.1
4 years ago
2.1.0
4 years ago
2.1.1
4 years ago
2.1.2
4 years ago
2.1.3
4 years ago
2.1.4
3 years ago
2.1.5
3 years ago
2.1.6
3 years ago
3.0.0
3 years ago
3.0.1
3 years ago
3.0.2
3 years ago
3.1.0
3 years ago
3.2.0
3 years ago
3.2.1
2 years ago
4.0.0
2 years ago
4.0.1
2 years ago
4.0.2
2 years ago
4.0.3
2 years ago
4.0.4
2 years ago
4.1.0
2 years ago
4.2.0
a year ago
4.2.1
a year ago
5.0.0-rc1
a year ago
5.0.0-rc2
10 months ago
5.0.0-rc4
10 months ago
5.0.0-rc5
10 months ago
5.0.0-rc7
10 months ago
5.0.0-rc8
10 months ago
5.0.0
9 months ago
5.0.1
9 months ago
5.1.0
7 months ago

Advisory timeline

  1. Published

    Advisory published
    Dec 16th, 2014
  2. Reported

    Initial report by Gil Pedersen
    Oct 17th, 2015