js · @hapi/inert · Heads-up
@hapi/inert Path Traversal via Confinement Check
What changed
A path traversal vulnerability in @hapi/inert's confinement check allows reading files from sibling directories whose names share a prefix with the served directory.
Who it affects
Applications using @hapi/inert to serve static files from a directory that has a sibling directory whose name starts with the same characters.
What to do today
Upgrade to version 7.1.1 or rename/move sibling directories to avoid prefix sharing.
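The advisory does not show inert's code, so the following is an added example, not the project's own: it models the class of flaw described above as a plain string-prefix confinement check and sets it beside a check made on a path-segment boundary. The function names, the served directory and the sample paths are all constructed for illustration.

```javascript
// Added illustration; this is not @hapi/inert's source code.
const path = require('path').posix; // POSIX rules so results match on any OS

// Weak check: string-prefix comparison against the served directory.
// "/srv/app/public-backup" also starts with "/srv/app/public".
function isConfinedNaive(root, requested) {
    const resolved = path.resolve(root, requested);
    return resolved.startsWith(path.resolve(root));
}

// Hardened check: decide on a path-segment boundary using path.relative().
function isConfined(root, requested) {
    const base = path.resolve(root);
    const resolved = path.resolve(base, requested);
    const rel = path.relative(base, resolved);
    // '' is the root itself; a leading '..' segment or an absolute result is outside.
    return rel === '' ||
        (rel !== '..' && !rel.startsWith('../') && !path.isAbsolute(rel));
}

const ROOT = '/srv/app/public'; // served directory (constructed)
const SAMPLES = [               // requested paths (constructed)
    'css/site.css',             // inside the served directory
    '../public-backup/db.sql',  // sibling whose name shares the "public" prefix
    '../private/keys.pem',      // sibling with no shared prefix
    '..hidden/file.txt',        // legitimate name that merely starts with two dots
];

// Run both checks over every sample so the disagreement is visible.
function compare() {
    return SAMPLES.map((p) => ({
        path: p,
        naive: isConfinedNaive(ROOT, p),
        strict: isConfined(ROOT, p),
    }));
}

console.table(compare());
```

Only the prefix-sharing sibling is accepted by the naive check and rejected by the strict one, which is why renaming or moving such siblings works as a stopgap until the upgrade is in place.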