statichttpserver is vulnerable to directory traversal. The attack is possible because it does not validate the path name of URL and directly use it for web root. An attacker providing a path name ../
is allowed to list the chosen folder.
CPE | Name | Operator | Version |
---|---|---|---|
statichttpserver | eq | 0.9.7 |