2 matches found
GHSA-9FV2-C7V6-P45W Fonoster is vulnerable to directory traversal
Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1...
Fonoster 安全漏洞
Fonoster is a cloud communication platform developed by Fonoster. Versions of Fonoster prior to 0.6.1 contained security vulnerabilities. These vulnerabilities were caused by directory traversal vulnerabilities in the VoiceServer endpoints, which could lead to the reading of arbitrary files...