A flaw was found in the Node.js static web server in Apache Thrift, where it allowed a remote user to access files outside of the set web servers’ docroot path. An attacker could use this flaw to possibly access unauthorized files and sensitive information.