CVE-2014-3744

Name of the Vulnerable Software and Affected Versions: st versions prior to 0.2.5

Description: A directory traversal issue allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. The vulnerability is caused by the failure to properly handle URL encoded dots, which are interpreted as dots by the filesystem, potentially allowing an attacker to read sensitive files on the server.

Recommendations: Update to version 0.2.5 or later.