CVE-2017-16120

Name of the Vulnerable Software and Affected Versions: liyujing versions (affected versions not specified)

Description: The issue concerns a directory traversal problem, allowing an attacker to access the filesystem by manipulating the URL with "../". This vulnerability enables access to files outside the intended directory root, potentially leading to the disclosure of private files. An example of exploiting this issue involves sending a GET request to access sensitive files, such as /../../../../../../../../../../etc/passwd.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to sensitive files and directories until an alternative solution is available. It is recommended to use the package only for local development, and for production environments, consider using a different package that does not have this issue.