Google · Gcdwebserver · CVE-2019-14924
**Name of the Vulnerable Software and Affected Versions**
GCDWebServer versions prior to 3.5.3
**Description**
An issue in the GCDWebUploader class allows an adversary to make an inaccessible file available by leveraging the fact that the `moveItem` method checks the `FileExtension` of `newAbsolutePath` but not `oldAbsolutePath`. This could potentially expose sensitive information, such as app credentials.
**Recommendations**
For versions prior to 3.5.3, update to version 3.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `moveItem` method in the GCDWebUploader class until a patch is available.