CVE-2019-14924
GCDWebServer (before 3.5.3) is affected. The vulnerable component is GCDWebUploader’s moveItem, which validates FileExtension against newAbsolutePath but not oldAbsolutePath, enabling an attacker to make an inaccessible file (e.g., app credentials) accessible. Impact is information disclosure; no...