A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The patch is named 64eb2677671018fc08b96718b81e3dbc83693190. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218375.
The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| https://vuldb.com/?id.218375 | third party advisory vdb entry technical description |
| https://vuldb.com/?ctiid.218375 | signature third party advisory permissions required |
| https://github.com/tombh/jekbox/commit/64eb2677671018fc08b96718b81e3dbc83693190 | third party advisory patch |