CVE-2017-16174

Name of the Vulnerable Software and Affected Versions: whispercast (affected versions not specified)

Description: The issue concerns a directory traversal problem, allowing an attacker to access the filesystem by manipulating the URL with "../". This vulnerability enables a malicious actor to access files outside the intended directory root, potentially disclosing private files on the vulnerable system. For example, an attacker can send a GET request to "/../../../../../../../../../../etc/passwd" to access sensitive information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the whispercast file server to minimize the risk of exploitation. It is recommended that the package is only used for local development, and if the functionality is needed for production, a different package is used instead.