CVE-2015-3297
Etherpad exposes a directory traversal flaw in Minify.js (node/utils/Minify.js) affecting Etherpad versions 1.1.1–1.5.2. The root cause is unsafely constructed path handling where backslashes are replaced with slashes in the path parameter of HTTP API requests, enabling read access to arbitrary f...