npm

Severity: high

Directory Traversal

fancy-server

Overview

Versions 0.1.4 and earlier of fancy-server are vulnerable to a directory traversal attack.

Standard attack vectors such as ../ will allow an attacker to read files outside of the served directory.

Remediation

Upgrade to version 0.1.4 or greater.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. reported

    Initial report by Adam Baldwin
    Oct 17th, 2015
  2. published

    Advisory published
    Nov 15th, 2014