github.com/go-aah/aah is vulnerable to directory traversal. The vulnerability exists in the Serve
function in static.go
due to improper santization of user input through HTTPEngine.Handle
, which allows an attacker to read files outside of the target directory that the server has permission to read.