Versions of crud-file-server
prior to 0.9.0 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths.
Upgrade to version 0.9.0 or later.
CPE | Name | Operator | Version |
---|---|---|---|
crud-file-server | lt | 0.9.0 |