CVE-2017-16217

Name of the Vulnerable Software and Affected Versions: fbr-client (affected versions not specified)

Description: The issue concerns a directory traversal problem, where an attacker can access the filesystem by manipulating the URL with "../" sequences. This vulnerability allows malicious actors to access files outside the intended directory root, potentially leading to the disclosure of private files on the vulnerable system. For example, an attacker could send a request like "GET /../../../../../../../../../../etc/passwd HTTP/1.1" to access sensitive files.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. It is recommended that the package is only used for local development, and if the functionality is needed for production, a different package is used instead.