Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 up to and including 1.5.4 allows remote malicious users to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete fix to CVE-2015-3297.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
etherpad etherpad |