CVE-2021-3019

Name of the Vulnerable Software and Affected Versions ffay lanproxy version 0.1

Description The issue allows Directory Traversal, enabling the reading of /../conf/config.properties to obtain credentials for a connection to the intranet. This could potentially expose sensitive information.

Recommendations For ffay lanproxy version 0.1, consider restricting access to the /../conf/config.properties file until a patch is available. As a temporary workaround, limit the exposure of sensitive credentials stored in this file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.