PT-2007-3618 · Sencha · Extjs

Alkomandoz Hacker

Published: 2007-04-26

Updated: 2017-10-11

CVE-2007-2285

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Ext JS version 1.0 alpha1

Description

A directory traversal issue exists, allowing remote attackers to read arbitrary files by using a .. (dot dot) in the feed parameter of the examples/layout/feed-proxy.php file. It is noted that this issue might be platform dependent.

Recommendations

For Ext JS version 1.0 alpha1, as a temporary workaround, consider restricting access to the feed-proxy.php file until a patch is available. Avoid using the feed parameter in the affected API endpoint until the issue is resolved.
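
To check whether the script was already requested this way while it was exposed, web server access logs can be reviewed for feed values containing a dot-dot segment. The following is an added example, not part of the original advisory or of Ext JS; it assumes Apache/nginx combined-format logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script path from the advisory; the combined log format is an assumption.
TARGET = "examples/layout/feed-proxy.php"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dot_dot(value):
    """True if a path segment of the decoded value is exactly '..' (either slash)."""
    return ".." in re.split(r"[/\\]", fully_decode(value))

def find_traversal_requests(lines):
    """Return (client, status, decoded feed) for feed-proxy.php requests with '..'."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if not fully_decode(url.path).endswith(TARGET):
            continue  # a different script
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == "feed" and has_dot_dot(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

# Constructed sample lines (documentation addresses, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Apr/2007:10:00:00 +0000] "GET /ext/examples/layout/feed-proxy.php?feed=http://example.org/rss.xml HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Apr/2007:10:01:00 +0000] "GET /ext/examples/layout/feed-proxy.php?feed=..%2F..%2Fplaceholder.txt HTTP/1.1" 200 812',
    '203.0.113.5 - - [26/Apr/2007:10:02:00 +0000] "GET /ext/examples/layout/feed-proxy.php?feed=%252e%252e%255cplaceholder.txt HTTP/1.1" 404 0',
    '192.0.2.10 - - [26/Apr/2007:10:03:00 +0000] "GET /ext/examples/layout/feed-proxy.php?feed=news..latest.xml HTTP/1.1" 200 90',
    '192.0.2.44 - - [26/Apr/2007:10:04:00 +0000] "GET /index.php?feed=../placeholder.txt HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

The returned status code helps triage: a 200 on a flagged request deserves a closer look at what the response contained than a 404 does.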


Related identifiers

CVE-2007-2285

Affected products

Extjs