Affected versions of augustine
resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system.
GET //etc/passwd HTTP/1.1
host:foo
No direct patch is available at this time.
Currently, the best mitigation for this flaw is to use a different, functionally equivalent static file server package.