Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 up to and including 1.5.2 allows remote malicious users to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
etherpad etherpad 1.1.2 |
||
etherpad etherpad 1.2.1 |
||
etherpad etherpad 1.2.3 |
||
etherpad etherpad 1.2.9 |
||
etherpad etherpad 1.2.10 |
||
etherpad etherpad 1.5.1 |
||
etherpad etherpad 1.2.5 |
||
etherpad etherpad 1.2.6 |
||
etherpad etherpad 1.2.7 |
||
etherpad etherpad 1.2.8 |
||
etherpad etherpad 1.1.3 |
||
etherpad etherpad 1.1.4 |
||
etherpad etherpad 1.1.5 |
||
etherpad etherpad 1.2.0 |
||
etherpad etherpad 1.2.11 |
||
etherpad etherpad 1.2.12 |
||
etherpad etherpad 1.3.0 |
||
etherpad etherpad 1.4.0 |
||
etherpad etherpad 1.4.1 |
||
etherpad etherpad 1.1.1 |
||
etherpad etherpad 1.2.2 |
||
etherpad etherpad 1.2.4 |
||
etherpad etherpad 1.2.81 |
||
etherpad etherpad 1.2.91 |
||
etherpad etherpad 1.5.0 |
||
etherpad etherpad 1.5.2 |