3 matches found
CVE-2023-40274 vulnerabilities
Vulnerabilities for packages: zola...
CVE-2023-40274 vulnerabilities
Vulnerabilities for packages: zola...
CVE-2023-40274
CVE-2023-40274 affects zola 0.13.0–0.17.2 where the built‑in server (zola serve) mishandles path traversal sequences, allowing an attacker to escape the webroot and read arbitrary filesystem files via URL paths containing sequences like ../. This is due to the handle_request logic not properly sa...