CVE-2021-35397

Name of the Vulnerable Software and Affected Versions: Drogon versions 1.0.0-beta14 through 1.6.0

Description: A path traversal issue in the static router could allow an unauthenticated, remote attacker to arbitrarily read files due to lack of proper input validation for requested path. An attacker could exploit this by sending crafted HTTP requests with specific paths to read files that should be restricted.

Recommendations: For Drogon versions 1.0.0-beta14 through 1.6.0, consider restricting access to the static router until a patch is available. As a temporary workaround, avoid using the static router for sensitive files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.