EPSS
Percentile
26.1%
droppy is vulnerable to directory traversal. Lack of validation allows an attacker to access system files outside of the web root using the ../ characters in the URL.
../
github.com/silverwind/droppy/blob/master/server/server.js%23L845
github.com/silverwind/droppy/blob/v10.0.15/server/server.js#L830-L838