Versions 0.1.4 and earlier of fancy-server are vulnerable to a directory traversal attack.
Standard attack vectors such as
../ will allow an attacker to read files outside of the served directory.
Upgrade to version 0.1.4 or greater.
Have content suggestions? Send them to [email protected]
publishedAdvisory publishedNov 15th, 2014
reportedInitial report by Adam BaldwinOct 17th, 2015