Directory Traversal in tinyserver2
High severity
GitHub Reviewed
Published
Jul 24, 2018
to the GitHub Advisory Database
•
Updated Sep 6, 2023
Description
Published to the GitHub Advisory Database
Jul 24, 2018
Reviewed
Jun 16, 2020
Last updated
Sep 6, 2023
Affected versions of
tinyserver2
resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system.Example request:
Recommendation
Update to v0.6.0 or later.
References