CVE-2021-34820

Name of the Vulnerable Software and Affected Versions: Novus HTTP Server versions through 1.51.2

Description: The Novus HTTP Server is affected by a Directory Traversal vulnerability for Arbitrary File Access. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to access sensitive data.

Recommendations: For versions through 1.51.2, consider restricting access to sensitive data until a patch is available. As a temporary workaround, restrict access to the HTTP GET request endpoint to minimize the risk of exploitation. Avoid using the Novus HTTP Server for sensitive data storage until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.