flow-server is vulnerable to information disclosure. Lack of validation and sanitization of the path in the default RouteNotFoundError view allows an attacker to enumerate available routes via malicious HTTP requests.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | flow server | le | 6.0.9 |
| | flow server | le | 2.6.1 |