Name of the Vulnerable Software and Affected Versions serve versions prior to 6.5.2

Description The issue allows for the bypass of the ignore functionality due to validation occurring before canonicalization of paths and filenames. This can be exploited by using URL encoded characters in file names, such as using %65 instead of 'e'. For example, an attacker can access an ignored file test.txt by requesting t%65st.txt. This technique can also be used to obtain directory listings of ignored directories.

Recommendations Update to version 6.5.2 or later.