Directory Traversal in f2e-server
High severity
GitHub Reviewed
Published
Jul 24, 2018
to the GitHub Advisory Database
•
Updated Sep 13, 2023
Description
Published to the GitHub Advisory Database
Jul 24, 2018
Reviewed
Jun 16, 2020
Last updated
Sep 13, 2023
Affected versions of
f2e-serverresolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system.Example request:
Recommendation
Update to version 1.12.12 or later.
References