Eddie Zhang

**Name of the Vulnerable Software and Affected Versions** HTTP File Server version 1.4.1 **Description** The issue is related to a path traversal vulnerability that allows for arbitrary directory listing, file read, and file write. This is due to incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may permit a remote attacker to read, modify, or delete files. **Recommendations** For version 1.4.1, consider restricting access to sensitive directories and files as a temporary workaround until a patch is available. Avoid using the application for sensitive file storage or transfer until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.