Arbitrary File Read Vulnerability in Etherpad 1.1.1 through 1.5.2

Arbitrary File Read Vulnerability in Etherpad 1.1.1 through 1.5.2

CVE-2015-3297 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests.

Learn more about our Api Penetration Testing.