
0X46616C6B

#49206 of 53,632
5 Total CVSS
Vulnerabilities · 1
PT-2020-7835
5.0
2020-02-13
Etherpad · Etherpad · CVE-2015-3309
Name of the Vulnerable Software and Affected Versions: Etherpad versions 1.1.2 through 1.5.4

Description: A directory traversal issue allows remote attackers to read arbitrary files with the permissions of the user running the service. This is achieved by including a `..` (dot dot) in the `path` parameter of HTTP API requests.

Recommendations: For versions 1.1.2 through 1.5.4, as a temporary workaround, consider restricting access to the `Minify.js` file in the `node/utils` directory until a patch is available. Avoid using the `path` parameter in affected HTTP API requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.