PT-2019-20012 · Lactate · Lactate

Published 2019-06-14 · Updated 2019-06-14

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

lactate (affected versions not specified)

Description

A crafted GET request can be used to traverse the directory structure of a host using the lactate web server package, allowing a remote attacker to gain access to arbitrary files outside of the specified web root. This enables the attacker to read files on the filesystem that the process has access to. Only files that the user running lactate has permission to read will be accessible via this issue.

Recommendations

As there is currently no fix for this issue, selecting an alternative static web server would be the best choice.

Fix

Path traversal


Weakness Enumeration

Related Identifiers

GHSA-68GR-CMCP-G3MJ

Affected Products

Lactate