PT-2019-19979 · Iodine · Iodine

Boaz Segev · Published 2019-10-07 · Updated 2025-11-29 · CVE-2024-22050

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Iodine versions less than 0.7.33

Description

A path traversal issue in the static file service allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs. Crafted URLs cause the static file server to attempt a response containing data from files that should not normally be accessible from the public folder.

Recommendations

For Iodine versions less than 0.7.33, upgrade to version 0.7.34 or later to resolve the issue. As a temporary workaround, consider disabling the static file service and its X-Sendfile support, and serve static files another way, such as through nginx or through a source code solution that sends the data dynamically.
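One way to write the "source code solution that sends the data dynamically" from the workaround, with a containment check on the canonical path. This is an added example, not Iodine's code and not the upstream fix; `SafeStatic`, `resolve` and `demo_statuses` are hypothetical names, the Rack-style `env` hash and temporary directory are constructed, and it assumes `PATH_INFO` arrives percent-encoded.

```ruby
require "tmpdir"

# Hypothetical helper (not part of Iodine): maps a request path to a file
# that is guaranteed to live inside public_root, or returns nil.
module SafeStatic
  module_function

  def resolve(public_root, request_path)
    root = File.realpath(public_root)
    # Decode percent-escapes once, so an encoded ".." is checked as "..".
    decoded = request_path.b.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
    return nil if decoded.include?("\0")
    # realpath collapses ".." segments and follows symlinks; it raises if
    # the target does not exist.
    real = File.realpath(File.join(root, decoded))
    # Containment check on the final, canonical path. The trailing separator
    # stops a sibling such as "public-backup" from matching "public".
    return nil unless real.start_with?(root + File::SEPARATOR)
    File.file?(real) ? real : nil
  rescue SystemCallError, ArgumentError, EncodingError
    nil
  end

  # Rack-style handler: reads and sends the file from application code,
  # so no X-Sendfile header is ever emitted.
  def call(env, public_root)
    path = resolve(public_root, env["PATH_INFO"].to_s)
    return [404, { "content-type" => "text/plain" }, ["Not Found"]] unless path
    [200, { "content-length" => File.size(path).to_s }, [File.binread(path)]]
  end
end

# Constructed sample: a public folder with one file and a sibling secret.
def demo_statuses
  Dir.mktmpdir do |dir|
    pub = File.join(dir, "public")
    Dir.mkdir(pub)
    File.write(File.join(pub, "index.html"), "<h1>ok</h1>")
    File.write(File.join(dir, "secret.txt"), "not public")
    ["/index.html", "/../secret.txt", "/%2e%2e/secret.txt", "/missing.css"]
      .map { |p| SafeStatic.call({ "PATH_INFO" => p }, pub).first }
  end
end

p demo_statuses if __FILE__ == $PROGRAM_NAME
```

The check runs on the resolved path rather than on the raw URL string, so it does not depend on recognising any particular spelling of a parent-directory segment.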

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-22050
GHSA-85RF-XH54-WHP3
GHSA-QWF7-RV77-FCR3

Affected Products

Iodine