http-file-server is vulnerable to directory traversal. It does not prevent the use of ../
in the path name of URL, allowing an attacker to list any files or folder in another folder of web root.
CPE | Name | Operator | Version |
---|---|---|---|
http-file-server | eq | 0.2.6 | |
http-file-server | eq | 0.2.6 |