CVE-2017-16158

Name of the Vulnerable Software and Affected Versions: dcserver versions (affected versions not specified)

Description: The issue allows an attacker to access the filesystem by exploiting a directory traversal vulnerability. This can be achieved by placing "../" in the URL, giving access to files outside of the intended directory root, potentially resulting in the disclosure of private files on the vulnerable system. For example, a malicious actor can send a GET request to "/../../../../../../../../../../etc/passwd" to access sensitive files.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the dcserver to minimize the risk of exploitation. It is recommended that the package is only used for local development, and if the functionality is needed for production, a different package is used instead.