flow-server is vulnerable to directory traversal. The attack is possible due to a lack of proper validation of URL path, allowing an attacker to inject ../
characters into in parameters to access resources outside of the web root.
CPE | Name | Operator | Version |
---|---|---|---|
flow server | le | 4.0.5 | |
flow server | le | 2.4.0 |