[ https://issues.apache.org/jira/browse/THRIFT-4647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James E. King III updated THRIFT-4647: -------------------------------------- Affects Version/s: 0.9.2 > [CVE-2018-11798] Node.js Fileserver webroot path > ------------------------------------------------- > > Key: THRIFT-4647 > URL: https://issues.apache.org/jira/browse/THRIFT-4647 > Project: Thrift > Issue Type: Bug > Components: Node.js - Library > Affects Versions: 0.9.2 > Reporter: Jake Farrell > Assignee: Jake Farrell > Priority: Critical > Labels: SECURITY > Fix For: 0.12.0 > > > Node.js fileserver allows for escaping the set file path -- This message was sent by Atlassian JIRA (v7.6.3#76005)