CVE-2015-3309
The CVE-2015-3309 entry concerns Etherpad’s Minify.js (node/utils/Minify.js) with a directory traversal vulnerability in Etherpad versions 1.1.2 through 1.5.4. The root cause is an incomplete fix to CVE-2015-3297, allowing an attacker to read arbitrary files via a .. sequence in the path paramete...