Directory traversal

2021-04-0219:15:00

PRIOn knowledge base

www.prio-n.com

5.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.8%

Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash.

CPENameOperatorVersion
shiny_serverlt1.5.16

CPE	Name	Operator	Version
	shiny_server	lt	1.5.16

References

blog.rstudio.com/2021/01/13/shiny-server-1-5-16-update/

github.com/colemanjp/shinyserver-directory-traversal-source-code-leak