CVE-2017-16198

Name of the Vulnerable Software and Affected Versions: ritp versions (affected versions not specified)

Description: The issue concerns a directory traversal problem, where an attacker can access the file system by including ../ in the URL. However, access is limited to files with a file extension. A malicious actor can exploit this to access files outside the intended directory root, potentially disclosing private files. For example, an attacker might use a request like GET /../../../../../../../../../../etc/passwd HTTP/1.1 to attempt to access sensitive files, though in this case, /etc/passwd would not be accessible due to the lack of a file extension.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. It is recommended that ritp is only used for local development. If the functionality is needed for production, a different package should be used instead.