Nutritious Potato Munchies
fancy-server

Directory Traversal

Severity: high

Overview

Versions 0.1.4 and earlier of fancy-server are vulnerable to a directory traversal attack.

Standard attack vectors such as ../ will allow an attacker to read files outside of the served directory.

Remediation

Upgrade to version 0.1.4 or greater.

Vulnerable versions

0.1.0
5 years ago
0.1.1
5 years ago
0.1.2
5 years ago
0.1.3
5 years ago

Unaffected versions

0.1.4
5 years ago
0.1.5
3 years ago

Advisory timeline

  1. Published

    Advisory published
    Nov 15th, 2014
  2. Reported

    Initial report by Adam Baldwin
    Oct 17th, 2015