Summary
Path normalization for static files prevents path traversal, but opens up the ability for an attacker to ascertain the
existence of absolute path components.
Impact
If an application uses web.static() (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components.
Patch: f2a86fd
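An added example, not aiohttp's code and not the patch referenced above: one way for a static-file resolver to return the same "not found" result whether or not a path outside the static root exists. It assumes the leak comes from answering differently depending on what exists outside the root; `resolve_static`, `demo` and the directory layout are hypothetical.

```python
import tempfile
from pathlib import Path, PurePosixPath
from typing import Optional


def resolve_static(root: Path, request_path: str) -> Optional[Path]:
    """Return the file under root for request_path, or None (caller sends 404)."""
    # Lexical checks first: nothing outside root is touched on disk, so its
    # existence cannot change the outcome.
    parts = PurePosixPath(request_path.lstrip("/")).parts
    if any(p == ".." or "\\" in p or "\x00" in p for p in parts):
        return None
    try:
        real_root = root.resolve(strict=True)
        real = root.joinpath(*parts).resolve(strict=True)
        # Symlinks inside root may still point outside; re-check after resolving.
        real.relative_to(real_root)
    except (OSError, ValueError, RuntimeError):
        return None  # missing, escaping and looping paths all look the same
    return real if real.is_file() else None


def demo() -> dict:
    """Constructed layout: <tmp>/static/app.js next to an existing <tmp>/private/."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        static = base / "static"
        static.mkdir()
        (base / "private").mkdir()
        (static / "app.js").write_text("console.log('ok');\n")
        return {
            "served": resolve_static(static, "/app.js") == (static / "app.js").resolve(),
            "outside_existing": resolve_static(static, "/../private"),
            "outside_missing": resolve_static(static, "/../no-such-dir"),
            "absolute_like": resolve_static(static, "//etc/passwd"),
        }


if __name__ == "__main__":
    print(demo())
```

A handler built on this maps every `None` to one identical 404 response, so the status code and body carry no information about the filesystem outside the static root.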