PT-2022-28177 · Afire · Afire

Published: 2022-04-22 · Updated: 2022-04-22

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

afire versions prior to 1.1.0

Description

This issue affects the built-in serve static extension in afire: paths containing //.... bypass the previous path sanitization and can request files in higher directories that should not be accessible.

Recommendations

For versions prior to 1.1.0, update to the newest version of afire, which is 1.1.0. As a temporary workaround for versions prior to 1.1.0, consider adding the PathTraversalFix middleware, which disallows paths containing /.. and returns a 400 status code for such requests.
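The following is an added example, not afire's own code: it shows why a filter that deletes /.. in one pass is bypassed by //...., and how the reject-with-400 approach in the workaround avoids that. The single-pass behaviour of the earlier sanitizer is an assumption (the advisory does not show it), the function names strip_once, escapes_root and check_path are hypothetical, and the sample path is constructed.

```rust
/// Assumed shape of the earlier sanitizer (illustration only): delete every
/// "/.." in a single left-to-right pass and serve whatever is left.
fn strip_once(path: &str) -> String {
    path.replace("/..", "")
}

/// True if walking the path segment by segment ever climbs above the
/// directory being served. "...." is an ordinary file name, ".." is not.
fn escapes_root(path: &str) -> bool {
    let mut depth: i32 = 0;
    for seg in path.split('/') {
        match seg {
            "" | "." => {}
            ".." => {
                depth -= 1;
                if depth < 0 {
                    return true;
                }
            }
            _ => depth += 1,
        }
    }
    false
}

/// Workaround behaviour described in the advisory: refuse the request with
/// 400 when the path contains "/..", instead of trying to rewrite it.
fn check_path(path: &str) -> u16 {
    if path.contains("/..") { 400 } else { 200 }
}

fn main() {
    let raw = "//....//secret.txt"; // constructed sample request path
    let cleaned = strip_once(raw);
    // Removing the inner "/.." splices the neighbouring characters into a new "/..".
    println!("raw={raw:?} escapes={}", escapes_root(raw));
    println!("cleaned={cleaned:?} escapes={}", escapes_root(&cleaned));
    println!("status for raw path: {}", check_path(raw));
    println!("status for /index.html: {}", check_path("/index.html"));
}
```

Rejecting on the raw request path works because the check runs before any rewriting can assemble a new /.. sequence.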

Path traversal


Weakness Enumeration

Related Identifiers

GHSA-3227-R97M-8J95

Affected Products

Afire