Directory Traversal in fancy-server
High severity • GitHub Reviewed
Published Aug 31, 2020 to the GitHub Advisory Database • Reviewed Aug 31, 2020 • Updated Jan 9, 2023
Description
Versions 0.1.4 and earlier of fancy-server are vulnerable to a directory traversal attack.
Standard attack vectors such as ../ will allow an attacker to read files outside of the served directory.
Recommendation
Upgrade to version 0.1.4 or greater.
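The containment check a static file server needs against the ../ class of request described above, as an added example; it is not fancy-server's code. The names resolveUnderRoot, SAMPLE_REQUESTS and checkSamples and the root /srv/www are hypothetical, and a POSIX-style root path is assumed.

```javascript
// Added example: hypothetical helper, not fancy-server's code.
// Maps a request URL path to a file path under rootDir, or returns null
// when the request would leave rootDir.
function resolveUnderRoot(rootDir, urlPath) {
  let decoded;
  try {
    // Decode exactly once; percent-encoded "../" (%2e%2e%2f) must be
    // checked in its decoded form.
    decoded = decodeURIComponent(urlPath.split("?")[0]);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes("\0")) return null; // reject embedded NUL bytes

  const kept = [];
  // Treat "\" as a separator too, so "..\" is caught on Windows hosts.
  for (const seg of decoded.split(/[\\/]+/)) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      // Popping past the root means the request escapes the served tree.
      if (kept.length === 0) return null;
      kept.pop();
    } else {
      kept.push(seg);
    }
  }
  const root = rootDir.replace(/\/+$/, "");
  return kept.length ? root + "/" + kept.join("/") : root;
}

// Constructed sample requests (not taken from the advisory).
const SAMPLE_REQUESTS = [
  "/index.html",
  "/css/../index.html",
  "/../../etc/passwd",
  "/%2e%2e/%2e%2e/etc/passwd",
  "/..\\..\\secret.txt",
  "/img/%E0%A4%A.png",
];

// Returns [request, resolvedPathOrNull] pairs for the samples above.
function checkSamples(rootDir) {
  return SAMPLE_REQUESTS.map((p) => [p, resolveUnderRoot(rootDir, p)]);
}
```

This is a lexical check only; a symlink inside the served directory can still point outside it, so a server would also compare the file's real path against the root before opening it.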