Severity: high

Directory Traversal



Versions 0.1.4 and earlier of fancy-server are vulnerable to a directory traversal attack.

Standard attack vectors such as ../ will allow an attacker to read files outside of the served directory.


Upgrade to version 0.1.4 or greater.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Nov 15th, 2014
  2. reported

    Initial report by Adam Baldwin
    Oct 17th, 2015