CVE-2014-10066
Directory Traversal in fancy-server
EPSS 0.98%
Description
Versions 0.1.4 and earlier of fancy-server are vulnerable to a directory traversal attack. Standard attack vectors such as `../` will allow an attacker to read files outside of the served directory. ## Recommendation Upgrade to version 0.1.4 or greater.
How to fix CVE-2014-10066
To remediate CVE-2014-10066, upgrade the affected package to a fixed version below.
- npm/fancy-server—upgrade to 0.1.4 or later
Is CVE-2014-10066 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.1.4