Versions 0.1.4 and earlier of fancy-server are vulnerable to a directory traversal attack.
Standard attack vectors such as ../
will allow an attacker to read files outside of the served directory.
Upgrade to version 0.1.4 or greater.
CPE | Name | Operator | Version |
---|---|---|---|
fancy-server | lt | 0.1.4 |