PT-2021-7216 · Unknown · Http File Server

Eddie Zhang · Published 2021-07-09 · Updated 2025-12-15 · CVE-2021-40668

CVSS v2.0

8.5 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

HTTP File Server version 1.4.1

Description

The issue is a path traversal vulnerability that allows arbitrary directory listing, file read, and file write. It is caused by incorrect restriction of a path name to a directory with limited access. Exploitation of this issue may permit a remote attacker to read, modify, or delete files.

Recommendations

For version 1.4.1, consider restricting access to sensitive directories and files as a temporary workaround until a patch is available. Avoid using the application for sensitive file storage or transfer until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2022-03873
CVE-2021-40668

Affected Products

Http File Server