The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.
[
{
"product": "Apache Thrift",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Thrift 0.9.2 to 0.11.0"
}
]
}
]