GHSA-r49h-6qxq-624f: Weave server API vulnerable to arbitrary file leak
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.
High severity • GitHub Reviewed • Published Jul 31, 2024 to the GitHub Advisory Database • Updated Jul 31, 2024
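The kind of input validation the description says is missing, as an added example that is not taken from the advisory or from the Weave code base: an unvalidated join beside a resolver that confines requests to the served directory. The function names, directory layout and file contents are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def resolve_naive(base_dir, requested):
    """Unvalidated pattern: join the client-supplied name onto the base."""
    return Path(os.path.join(base_dir, requested))


def resolve_confined(base_dir, requested):
    """Return the real file path for `requested`, or raise if it leaves base_dir."""
    base = Path(base_dir).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks, so the containment check
    # runs on the path the OS would actually open, not on the raw string.
    target = (base / requested).resolve()
    if base not in target.parents:
        raise PermissionError(f"outside served directory: {requested!r}")
    if not target.is_file():
        raise FileNotFoundError(requested)
    return target


def demo():
    """Run constructed requests against a throwaway tree (all names hypothetical)."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        served = Path(root) / "served"
        served.mkdir()
        (served / "report.txt").write_text("public")
        secret = Path(root) / "secret.txt"  # lives outside served/
        secret.write_text("private")
        os.symlink(secret, served / "link.txt")
        requests = {
            "plain": "report.txt",
            "dotdot": "../secret.txt",
            "absolute": str(secret),
            "symlink": "link.txt",
        }
        for label, name in requests.items():
            naive_content = resolve_naive(served, name).read_text()
            try:
                resolve_confined(served, name)
                outcome = "served"
            except PermissionError:
                outcome = "rejected"
            results[label] = (naive_content, outcome)
    return results
```

A handler built on this should open the path returned by `resolve_confined`, not the original request string, so the file that was checked is the file that is read.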