Path Traversal in public

2020-09-03T20:26:39
ID GHSA-4VVP-X9H2-X2VF
Type github
Reporter GitHub Advisory Database
Modified 2020-09-03T20:26:39

Description

All versions of public are vulnerable to Path Traversal. This vulnerability allows an attacker to access files outside the webroot since it allows symlink navigation in the URL.

Recommendation

No fix is currently available. Do not use public in production or consider using an alternative module until a fix is made available.