SillyTavern: Path Traversal allows file existence oracle
Summary A path traversal vulnerability in the static file route handler allows any unauthenticated user to determine whether files exist anywhere on the server's filesystem. By sending percent-encoded ../ sequences %2E%2E%2F in requests to static file routes, an attacker can check for the existen...