Unknown · Changedetection.Io · CVE-2026-25527
**Name of the Vulnerable Software and Affected Versions**
changedetection.io versions prior to 0.53.2
**Description**
changedetection.io is a web page change detection tool. Versions prior to 0.53.2 are susceptible to an unauthenticated local file read of application source files. The `/static/<group>/<filename>` API endpoint allows the `group` parameter to be set to "..", which results in a call to `send_from_directory("static/..", filename)`. This moves the base directory up from `static` to `/app/changedetectionio`, potentially exposing source files like `flask_app.py`.
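The directory handling described above, modelled with the standard library beside a hardened form. This is an added example, not changedetection.io's code and not its 0.53.2 patch; the function names, the `ALLOWED_GROUPS` allowlist and the temporary directory layout are assumptions.

```python
import os
import tempfile

ALLOWED_GROUPS = {"js", "css", "images"}  # hypothetical allowlist, not from the project

def _inside(base, target):
    """True if target resolves to a path inside base."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def resolve_unsafe(app_root, group, filename):
    # Models the flaw: only filename is checked against the directory,
    # while the directory itself is built from the untrusted group value.
    directory = os.path.join(app_root, "static", group)
    path = os.path.join(directory, filename)
    if not _inside(directory, path):
        return None
    return os.path.realpath(path)

def resolve_hardened(app_root, group, filename):
    # Reject unknown groups, then confirm the result stays under static/.
    if group not in ALLOWED_GROUPS:
        return None
    static_root = os.path.join(app_root, "static")
    path = os.path.join(static_root, group, filename)
    if not _inside(static_root, path) or not os.path.isfile(path):
        return None
    return os.path.realpath(path)

def build_sample_tree():
    # Constructed layout standing in for /app/changedetectionio.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "static", "js"))
    for rel in ("flask_app.py", os.path.join("static", "js", "app.js")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("# constructed sample\n")
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    for group, name in [("js", "app.js"), ("..", "flask_app.py")]:
        print(group, name, resolve_unsafe(root, group, name),
              resolve_hardened(root, group, name))
```

The filename check alone still blocks `../` inside `filename`; the escape comes from the directory argument, which is why the hardened form validates `group` before building the path.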
**Recommendations**
Update to version 0.53.2 or later.