[ https://issues.apache.org/jira/browse/THRIFT-4647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James E. King III closed THRIFT-4647. ------------------------------------- Resolution: Fixed > [CVE-2018-11798] Node.js Fileserver webroot path > ------------------------------------------------- > > Key: THRIFT-4647 > URL: https://issues.apache.org/jira/browse/THRIFT-4647 > Project: Thrift > Issue Type: Bug > Components: Node.js - Library > Affects Versions: 0.9.2 > Reporter: Jake Farrell > Assignee: Jake Farrell > Priority: Critical > Labels: SECURITY > Fix For: 0.12.0 > > > Node.js fileserver allows for escaping the set file path > https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11798 -- This message was sent by Atlassian JIRA (v7.6.3#76005)