The safe_path function in shttp prior to 0.0.5 allows remote malicious users to conduct directory traversal attacks and read files via a combination of ".." and sub-directory specifiers that resolve to a pathname that is at or below the same level as the web document root, but in a different part of the directory tree.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
serverkit shttp |