CVE-2021-40349

Name of the Vulnerable Software and Affected Versions e7d Speed Test (aka speedtest) version 0.5.3

Description The issue allows a path-traversal attack, resulting in information disclosure via the "GET /.." substring. This enables an attacker to access sensitive information by manipulating the URL path.

Recommendations For version 0.5.3, consider restricting access to the API endpoint that handles the "GET /.." substring until a patch is available. As a temporary workaround, avoid using the vulnerable endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.